AWS Certified AI Practitioner (AIF-C01) — Question 329

A company wants to set up private access to Amazon Bedrock APIs from the company’s AWS account. The company also wants to protect its data from internet exposure. Which solution meets these requirements?

Answer options

• A. Use Amazon CloudFront to restrict access to the company’s private content.
• B. Use AWS Glue to set up data encryption across the company’s data catalog.
• C. Use AWS Lake Formation to manage centralized data governance and cross-account data sharing.
• D. Use AWS PrivateLink to configure a private connection between the company’s VPC and Amazon Bedrock.

Correct answer: D

Explanation

AWS PrivateLink enables private connectivity between VPCs and AWS services, such as Amazon Bedrock, ensuring traffic does not traverse the public internet. Other options like Amazon CloudFront, AWS Glue, and AWS Lake Formation are designed for content delivery, data integration, and data governance respectively, rather than establishing secure, private API endpoints. Therefore, AWS PrivateLink is the only service that satisfies the requirement for private network access to Amazon Bedrock.