How can the company enable the Amazon SageMaker service without enabling direct internet access to Amazon SageMaker notebook instances?
Create a NAT gateway within the corporate VPC.
Route Amazon SageMaker traffic through an on-premises network.
Create Amazon SageMaker VPC interface endpoints within the corporate VPC.
Create VPC peering with Amazon VPC hosting Amazon SageMaker.
Explanations:
A NAT gateway allows instances in a private subnet to connect to the internet while preventing the internet from initiating connections to those instances. This option does not align with the requirement to avoid direct internet access.
Routing traffic through an on-premises network would typically require some form of internet access or connectivity to AWS services, which contradicts the data security policy of avoiding internet communication.
Creating Amazon SageMaker VPC interface endpoints enables secure communication between SageMaker and other AWS services without requiring internet access. This setup allows SageMaker to operate entirely within the corporate VPC environment.
VPC peering enables private connectivity between VPCs, but on its own it neither restricts internet access nor enables SageMaker without internet access. It also does not address the requirement of keeping SageMaker traffic confined to the corporate VPC without internet exposure.