Topic 1 Question 998
A company runs its legacy web application on AWS. The web application server runs on an Amazon EC2 instance in the public subnet of a VPC. The web application server collects images from customers and stores the image files in a locally attached Amazon Elastic Block Store (Amazon EBS) volume. The image files are uploaded every night to an Amazon S3 bucket for backup.
A solutions architect discovers that the image files are being uploaded to Amazon S3 through the public endpoint. The solutions architect needs to ensure that traffic to Amazon S3 does not use the public endpoint.
Which solution will meet these requirements?
A. Create a gateway VPC endpoint for the S3 bucket that has the necessary permissions for the VPC. Configure the subnet route table to use the gateway VPC endpoint.
B. Move the S3 bucket inside the VPC. Configure the subnet route table to access the S3 bucket through private IP addresses.
C. Create an Amazon S3 access point for the Amazon EC2 instance inside the VPC. Configure the web application to upload by using the Amazon S3 access point.
D. Configure an AWS Direct Connect connection between the VPC that has the Amazon EC2 instance and Amazon S3 to provide a dedicated network path.
User votes
Comments (4)
- Selected answer: C
I will choose Option C for the following reasons:
Private access: S3 access points allow you to create a private endpoint within your VPC that can be used to access the S3 bucket without going through the public endpoint.
Security best practice: Using an S3 access point is considered a secure way to manage access to your S3 buckets from within your VPC.
Configuration simplicity: You only need to configure the web application to use the S3 access point, making it a relatively straightforward implementation.
👍 3 JA2018 2024/12/13
- Selected answer: A
A - Gateway VPC Endpoint provides private connectivity between resources in a VPC and AWS services like S3 without requiring an internet gateway, NAT gateway, or public IP address.
B - This is just bull. Amazon S3 is a global service that cannot "move" into a VPC.
C - This doesn't ensure private traffic between the EC2 instance and S3 at all. You still need VPC Endpoint.
D - This may actually work but more expensive and complex compared to option A.
👍 3 LeonSauveterre 2025/01/08
- Selected answer: A
Answer is A
👍 2 aragon_saa 2024/10/07