A retailer exports data daily from its transactional databases into an S3 bucket in the Sydney region. The retailer’s Data Warehousing team wants to import this data into an existing Amazon Redshift cluster in their VPC at Sydney. Corporate security policy mandates that data can only be transported within a VPC.
What combination of the following steps will satisfy the security policy?
Choose 2 answers from the options given below.
A. Enable Amazon Redshift Enhanced VPC Routing.
B. Create a Cluster Security Group to allow the Amazon Redshift cluster to access Amazon S3.
C. Create a NAT gateway in a public subnet to allow the Amazon Redshift cluster to access Amazon S3.
D. Create and configure an Amazon S3 VPC endpoint.
A. & D.
Amazon Redshift Enhanced VPC Routing provides VPC resources, the access to Redshift.
Redshift will not be able to access the S3 VPC endpoints without enabling Enhanced VPC routing, so one option is not going to support the scenario if another is not selected.
NAT instance (the proposed answer) cannot be reached by Redshift without enabling Enhanced VPC Routing.