Topic 1 Question 47
A company is setting up an Amazon SageMaker environment. The corporate data security policy does not allow communication over the internet. How can the company enable the Amazon SageMaker service without enabling direct internet access to Amazon SageMaker notebook instances?
A. Create a NAT gateway within the corporate VPC.
B. Route Amazon SageMaker traffic through an on-premises network.
C. Create Amazon SageMaker VPC interface endpoints within the corporate VPC.
D. Create VPC peering with Amazon VPC hosting Amazon SageMaker.
Explanation
Reference: https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-dg.pdf (46)
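A check for the setup the question asks about, written as an added example that is not part of the original page: it flags notebook instances that still have direct internet access and VPCs that lack usable SageMaker interface endpoints. The region, resource IDs and sample records are constructed, and requiring private DNS on each endpoint is an assumption of this check.

```python
# Added example. Inputs are constructed dicts shaped like the responses of
# sagemaker:DescribeNotebookInstance and ec2:DescribeVpcEndpoints.
REGION = "us-east-1"  # assumption: sample region

def expected_services(region):
    """Endpoint services this check expects: SageMaker API, Runtime, notebook."""
    return {f"com.amazonaws.{region}.sagemaker.api",
            f"com.amazonaws.{region}.sagemaker.runtime",
            f"aws.sagemaker.{region}.notebook"}

def audit(notebook, subnet_vpc, endpoints, region=REGION):
    """Return findings for one notebook instance; an empty list means it passes."""
    name = notebook["NotebookInstanceName"]
    findings = []
    if notebook.get("DirectInternetAccess") != "Disabled":
        findings.append(f"{name}: DirectInternetAccess is not Disabled")
    vpc = subnet_vpc.get(notebook.get("SubnetId"))
    if vpc is None:
        findings.append(f"{name}: not attached to a known VPC subnet")
        return findings
    # Count an endpoint only if it is an available interface endpoint in the
    # notebook's VPC with private DNS on (assumption: clients use default hostnames).
    usable = {ep["ServiceName"] for ep in endpoints
              if ep["VpcId"] == vpc
              and ep["VpcEndpointType"] == "Interface"
              and ep["State"].lower() == "available"
              and ep.get("PrivateDnsEnabled")}
    for service in sorted(expected_services(region) - usable):
        findings.append(f"{name}: no usable interface endpoint for {service} in {vpc}")
    return findings

def endpoint(service, state="available"):  # builds one constructed endpoint entry
    return {"ServiceName": service, "VpcId": "vpc-0111", "State": state,
            "VpcEndpointType": "Interface", "PrivateDnsEnabled": True}

# Constructed sample data (not from a real account).
SUBNET_VPC = {"subnet-0aaa": "vpc-0111"}
NOTEBOOKS = [
    {"NotebookInstanceName": "nb-private", "DirectInternetAccess": "Disabled",
     "SubnetId": "subnet-0aaa"},
    {"NotebookInstanceName": "nb-open", "DirectInternetAccess": "Enabled"},
]
ENDPOINTS = [endpoint(f"com.amazonaws.{REGION}.sagemaker.api"),
             endpoint(f"com.amazonaws.{REGION}.sagemaker.runtime"),
             endpoint(f"aws.sagemaker.{REGION}.notebook", state="pending")]

if __name__ == "__main__":
    for nb in NOTEBOOKS:
        print(audit(nb, SUBNET_VPC, ENDPOINTS))
```

In a real account the same dicts would come from the two describe calls named in the first comment, with the subnet-to-VPC map built from the subnets in use.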
Comments (17)
NAT COULD GO OUT TO THE INTERNET, IT STILL CANNOT PREVENT DOWNLOAD MALICIOUS BY YOURSELF.
THE RIGHT ANSWER IS C. C. INTERFACE VPC ENDPOINT
https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-dg.pdf (516)
https://docs.aws.amazon.com/zh_tw/vpc/latest/userguide/vpc-endpoints.html
👍 42 DonaldCMLIN 2021/09/20

C is correct. "The VPC interface endpoint connects your VPC directly to the Amazon SageMaker API or Runtime without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection." https://docs.aws.amazon.com/sagemaker/latest/dg/interface-vpc-endpoint.html
👍 16 tap123 2021/09/29

I'd be inclined to say A myself. Having architected and built environments using PrivateLink (VPC Endpoints), the fundamental reason behind them is to keep your infra accessible in a private capacity.
So, say you are connecting from corp office to the Cloud and don't want the end-user exposing any data over the public internet, you would utilise an Endpoint connection.
@Donald... take your finger off CAPS dude! You can make your comment without "shouting"!
👍 5 jonclem 2021/10/23