AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 120
You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?
Answer options
- A. An S3 endpoint and a NAT
- B. An S3 endpoint
- C. A VPN to the IP addresses specified in the AWS official S3 prefix list
- D. A NACL with the AWS prefix list added to it and a VPN
Correct answer: B
Explanation
The correct answer is B, an S3 endpoint, because it allows the EC2 instances to access the S3 bucket directly without traversing the public internet. Option A introduces unnecessary complexity by adding a NAT, while C and D involve VPNs, which are not required for direct access to S3 via the endpoint.