AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 228
A company’s data center is connected to a single AWS Region by an AWS Direct Connect dedicated connection. The company has a single VPC in the Region. The company stores logs for all its applications locally in the data center.
The company must keep all application logs for 7 years. The company decides to copy all application logs to an Amazon S3 bucket.
Which solution will meet these requirements?
Answer options
- A. Create a public VIF on the Direct Connect connection. Create an Amazon S3 gateway endpoint in the VPC.
- B. Create a private VIF on the Direct Connect connection. Create an Amazon S3 gateway endpoint in the VPC.
- C. Create a private VIF on the Direct Connect connection. Create an Amazon S3 interface endpoint in the VPC.
- D. Create a public VIF on the Direct Connect connection. Create an Amazon S3 interface endpoint in the VPC.
Correct answer: C
Explanation
Option C is correct because it combines a private VIF, which allows secure communication between the on-premises data center and the VPC, with an Amazon S3 interface endpoint, which is needed to reach S3 without routing through the public internet. Options A and D use public VIFs, which are not suitable for private access to S3. Option B uses a private VIF but pairs it with a gateway endpoint, which cannot be used for S3 access over a Direct Connect connection.