Which combination of actions should solutions archived take to accomplish this?

By:
In: SAA-C02
Tagged:
With: 2 Comments
An application is running on Amazon EC2 instances.Sensitive information required for the application is stored in an Amazon S3 bucket.The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket.

Which combination of actions should solutions archived take to accomplish this?

(Choose two.)

Create a VPC endpoint for Amazon S3.

Enable server access logging on the bucket.

Apply a bucket policy to restrict access to the S3 endpoint.

Add an S3 ACL to the bucket that has sensitive information.

Restrict users using the IAM policy to use the specific bucket.

Explanations:

Creating a VPC endpoint for Amazon S3 ensures that traffic between the VPC and S3 does not go through the internet.

Enabling server access logging provides audit information but does not control access or restrict internet access.

Applying a bucket policy to restrict access to the S3 endpoint ensures that only traffic through the VPC endpoint can access the bucket.

S3 ACLs are not sufficient for this scenario as they do not provide the required granularity to enforce VPC-level restrictions.

Restricting users with an IAM policy to access the bucket does not prevent internet access to the bucket.

2026-03-25

2 Comments

  1. Andrea
    Author

    If I’m not mistaken, the answer is:
    Create a VPC endpoint for Amazon S3.

  2. Betty
    Author

    I would say the answer is:
    Create a VPC endpoint for Amazon S3.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 + fourteen =