
Practice Test 1 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test


An EC2 instance in a private subnet needs access to an S3 bucket located in the same region as the EC2 instance. The EC2 instance needs to upload and download large files to and from the S3 bucket frequently.

As an AWS Solutions Architect, what quick and cost-effective solution would you suggest to your customers? You need to consider that the EC2 instances are present in the private subnet, and the customers do not want their data to be exposed over the internet.

A. Place the S3 bucket in another public subnet of the same region and create a VPC peering connection to this private subnet where the EC2 instance is placed. The traffic to upload and download files will go through Amazon’s secure private network.

B. Create an IAM role having access over the S3 service and assign it to the EC2 instance.

C. Create a VPC endpoint for S3, use your route tables to control which instances can access resources in Amazon S3 via the endpoint. The traffic to upload and download files will go through the Amazon private network.

D. A private subnet can always access the S3 bucket/service through NAT Gateways or NAT instances, so there is no need for additional setup.

Explanation:

Correct Answer: C

  • Option A is incorrect because the S3 service is region-specific, not AZ-specific, and the statement talks about placing the S3 bucket in a public subnet.
  • Option B is incorrect because the VPC endpoint has a policy that controls the use of the endpoint to access Amazon S3 resources. The default policy allows access by any user or service within the VPC, using credentials from any AWS account to any Amazon S3 resource.
  • Option C is correct. It can help to access the S3 services in the same region for the EC2 instance. You can create a VPC endpoint and update the route entry of the route table associated with the private subnet. This is a quick solution as well as cost-effective as it will use Amazon’s own private network. Hence, it won’t expose the data over the internet.
  • Option D is incorrect as this is certainly not a default setup unless we create a NAT Gateway or Instance. Even if they are there, it’s an expensive solution and exposes the data over the internet.
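
The setup described for option C, written as a CloudFormation template. This is an added example, not part of the original question; the parameter names, Sids and the bucket name are placeholders. It attaches the S3 gateway endpoint to the private subnet's route table and replaces the allow-all default endpoint policy mentioned above with one scoped to a single bucket.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: S3 gateway endpoint for a private subnet, with a bucket-scoped policy (illustrative)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateRouteTableId:
    Type: String
    Description: Route table associated with the private subnet
  BucketName:
    Type: String
    Description: Placeholder for the one bucket the instances should reach

Resources:
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      # The S3 prefix-list route is added to this route table only, so only
      # subnets associated with it send S3 traffic through the endpoint.
      RouteTableIds:
        - !Ref PrivateRouteTableId
      # If PolicyDocument is omitted, the default policy applies:
      # Effect Allow, Principal "*", Action "*", Resource "*".
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: ObjectAccessToOneBucket
            Effect: Allow
            Principal: "*"
            Action:
              - s3:GetObject
              - s3:PutObject
              # Large uploads are multipart; allow cleanup of failed ones.
              - s3:AbortMultipartUpload
            Resource: !Sub arn:${AWS::Partition}:s3:::${BucketName}/*
          - Sid: ListOneBucket
            Effect: Allow
            Principal: "*"
            Action: s3:ListBucket
            Resource: !Sub arn:${AWS::Partition}:s3:::${BucketName}
```

The endpoint policy only limits what may pass through the endpoint; the instance still needs an IAM role that grants it access to the bucket.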
