Examtopics

AWS Certified Solutions Architect - Associate
  • Topic 1 Question 1016

    A company runs an application in a private subnet behind an Application Load Balancer (ALB) in a VPC. The VPC has a NAT gateway and an internet gateway. The application calls the Amazon S3 API to store objects.

    According to the company's security policy, traffic from the application must not travel across the internet.

    Which solution will meet these requirements MOST cost-effectively?

    • Configure an S3 interface endpoint. Create a security group that allows outbound traffic to Amazon S3.

    • Configure an S3 gateway endpoint. Update the VPC route table to use the endpoint.

    • Configure an S3 bucket policy to allow traffic from the Elastic IP address that is assigned to the NAT gateway.

    • Create a second NAT gateway in the same subnet where the legacy application is deployed. Update the VPC route table to use the second NAT gateway.

