Topic 1 Question 255
A company hosts application servers on premises and on Amazon EC2 instances in a VPC. The application servers access data that is hosted in an Amazon S3 bucket through the public internet. The EC2 instances in the VPC use an AWS Site-to-Site VPN for connectivity with the on-premises application servers.
New company regulations state that all traffic between the application servers and the S3 bucket must remain private and must not use public IP addresses.
Which solution will meet these requirements MOST cost-effectively?
A. Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Access the S3 bucket through the gateway endpoint from the EC2 instances.
B. Configure an S3 interface endpoint. Update the on-premises servers and EC2 instances to use the interface endpoint DNS name to access the S3 bucket.
C. Configure an S3 interface endpoint. Update the on-premises servers to use the interface endpoint DNS name to access the S3 bucket. Configure an S3 gateway endpoint. Modify the route table so that the EC2 instances use the gateway endpoint.
D. Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Use an S3 bucket policy to restrict access to the gateway endpoint. Configure a proxy server fleet behind a Network Load Balancer in the VPC so that the on-premises servers can access the S3 bucket.
Comments (6)
- Selected answer: C
because gateway endpoints are not accessible from sources outside the VPC
👍 3 nico73 2025/01/07
- Selected answer: B
B. traffic is sourced from On-Prem to S3 in private. So Interface endpoint is needed.
👍 2 meseerie 2025/01/08
- Selected answer: C
Most cost-effective solution because:
  - Gateway endpoints are free and perfect for EC2 instances in the VPC
  - Interface endpoints, while having a cost, are necessary for on-premises servers
  - Each type of server uses the most appropriate endpoint type
  - No unnecessary components like proxy fleets or load balancers
👍 2 woorkim 2025/01/12