How should a solutions architect configure access to meet these requirements?

By:
In: SAA-C02
Tagged:
With: 2 Comments
An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket.Traffic must not traverse the internet.

How should a solutions architect configure access to meet these requirements?

Create a private hosted zone by using Amazon Route 53.

Set up a gateway VPC endpoint for Amazon S3 in the VPC.

Configure the EC2 instances to use a NAT gateway to access the S3 bucket.

Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket.

Explanations:

Creating a private hosted zone with Amazon Route 53 does not enable private connectivity to S3. It is mainly used for private DNS resolution within a VPC.

Setting up a gateway VPC endpoint for Amazon S3 allows EC2 instances to access the S3 bucket without using the internet, ensuring private connectivity.

Configuring a NAT gateway still routes traffic through the internet, which does not meet the requirement for private access.

A Site-to-Site VPN connection is used for secure communication between on-premises networks and AWS, not for internal VPC-to-S3 communication.

2026-03-18

2 Comments

  1. Sandra
    Author

    As I see it, the answer is:
    Set up a gateway VPC endpoint for Amazon S3 in the VPC.

  2. Zachary
    Author

    I rate that the answer is:
    Set up a gateway VPC endpoint for Amazon S3 in the VPC.

Leave a Reply

Your email address will not be published. Required fields are marked *

fifteen + eight =