AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 8

You are deploying an EC2 instance in a private subnet that requires access to the Internet. One of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket in the same region via any URL.
Which of the following solutions should you deploy? (Choose two.)

Answer options

• A. Include s3.amazonaws.com in the whitelist.
• B. Create a VPC endpoint for S3.
• C. Run Squid proxy on a NAT instance.
• D. Deploy a NAT gateway into your VPC.
• E. Utilize a security group to restrict access.

Correct answer: B, C

Explanation

The correct answers are B and C. Creating a VPC endpoint for S3 (B) allows the EC2 instance to access S3 without traversing the Internet, while running a Squid proxy on a NAT instance (C) enables URL whitelisting. Options A and D do not meet the specific requirement of restricting access to particular URLs, and option E does not provide the necessary functionality for URL whitelisting.