How should a solutions architect configure access?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A company’s application hosted on Amazon EC2 instances needs to access an Amazon S3 bucket.Due to data sensitivity, traffic cannot traverse the internet.

How should a solutions architect configure access?

Create a private hosted zone using Amazon Route 53.

Configure a VPC gateway endpoint for Amazon S3 in the VPC.

Configure AWS PrivateLink between the EC2 instance and the S3 bucket.

Set up a site-to-site VPN connection between the VPC and the S3 bucket.

Explanations:

A private hosted zone does not provide a direct secure connection to S3; it is for DNS resolution.

A VPC gateway endpoint allows EC2 instances to access S3 without traversing the internet, ensuring secure data transfer.

AWS PrivateLink is not applicable for accessing S3; it is used for accessing services hosted by VPCs.

A site-to-site VPN connection is unnecessary for S3 access; it complicates the architecture and does not meet the requirement for direct access.

2025-10-13

1 Comment

  1. Ethan
    Author

    I structure that the answer is:
    Configure a VPC gateway endpoint for Amazon S3 in the VPC.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 + ten =