Which combination of actions should a solutions architect take to accomplish this?
(Choose two.)
Create a VPC endpoint for Amazon S3.
Enable server access logging on the bucket.
Apply a bucket policy to restrict access to the S3 endpoint.
Add an S3 ACL to the bucket that has sensitive information.
Restrict users using the IAM policy to use the specific bucket.
Explanations:
Creating a VPC endpoint for Amazon S3 ensures that traffic between the VPC and S3 does not go through the internet.
Enabling server access logging provides audit information but does not control access or restrict internet access.
Applying a bucket policy to restrict access to the S3 endpoint ensures that only traffic through the VPC endpoint can access the bucket.
S3 ACLs are not sufficient for this scenario as they do not provide the required granularity to enforce VPC-level restrictions.
Restricting users with an IAM policy to access the bucket does not prevent internet access to the bucket.