AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 39

Your company's policy requires that all VPCs peer with a `common services: VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other
VPC is allowed to provision an Internet gateway. You configure a new VPC and peer with the common service VPC as required by policy. You launch an Amazon
EC2. Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application.
Which step should you take to enable access to Amazon S3?

Answer options

• A. Update the S3 bucket policy with the private IP address of the instance.
• B. Exclude 169.254.169.0/24 from the instance's proxy configuration.
• C. Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.
• D. Update the CORS configuration for Amazon S3 to allow traffic from the proxy.

Correct answer: D

Explanation

The correct answer is D because updating the CORS configuration for Amazon S3 allows the application to interact with S3 through the proxies. The other options do not address the underlying issue of access permissions or traffic routing related to the proxies and would not resolve the 403 errors.