AWS Certified Cloud Practitioner (CLF-C02) — Question 639
A company wants to securely access an Amazon S3 bucket from an Amazon EC2 instance without accessing the internet.
What should the company use to accomplish this goal?
Answer options
- A. VPN connection
- B. Internet gateway
- C. VPC endpoint
- D. NAT gateway
Correct answer: C
Explanation
A VPC endpoint enables private connectivity between a VPC and supported AWS services, such as Amazon S3, without requiring traffic to traverse the public internet. This keeps the data within the AWS network, fulfilling the security requirement. In contrast, internet gateways, NAT gateways, and VPN connections route traffic to or over the internet, so they do not meet the stated requirement.