Which combination of steps will ensure that the DynamoDB database meets these requirements?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A database administrator is reviewing the deployment of an application that uses Amazon DynamoDB.A fleet of Amazon EC2 application instances accesses the database.The database administrator notices that EC2 instances are using public IP addresses to access the database and that the database is available to the internet.Company policy requires that all corporate data must be accessed privately and that external access from the internet is not allowed.

Which combination of steps will ensure that the DynamoDB database meets these requirements?

(Choose two.)

Configure the DynamoDB security group and network ACLs to block external access.

Create an AWS PrivateLink VPC endpoint for DynamoDUpdate the VPC route table.

Create a gateway VPC endpoint for DynamoDB. Update the VPC route table.

Provision a NAT gateway to access DynamoDB. Update the VPC route table.

Use the aws:sourceVpce condition for all the IAM roles that provision access to the table.

Explanations:

DynamoDB does not use security groups or network ACLs; it is accessed through AWS endpoints or internet.

AWS PrivateLink is not used with DynamoDB. Private access is managed through a gateway VPC endpoint.

A gateway VPC endpoint provides private access to DynamoDB, ensuring traffic does not go over the internet.

A NAT gateway allows internet access for private subnets, but it does not provide private access to DynamoDB.

Using theaws:sourceVpcecondition ensures access is restricted to traffic coming from the VPC endpoint.

2025-10-05

1 Comment

  1. Ann
    Author

    As I recall, the answer is:
    Create a gateway VPC endpoint for DynamoDB. Update the VPC route table.

Leave a Reply

Your email address will not be published. Required fields are marked *

18 − 14 =