AWS Certified Data Engineer – Associate (DEA-C01) — Question 73

A data engineer is configuring an AWS Glue job to read data from an Amazon S3 bucket. The data engineer has set up the necessary AWS Glue connection details and an associated IAM role. However, when the data engineer attempts to run the AWS Glue job, the data engineer receives an error message that indicates that there are problems with the Amazon S3 VPC gateway endpoint.
The data engineer must resolve the error and connect the AWS Glue job to the S3 bucket.
Which solution will meet this requirement?

Answer options

• A. Update the AWS Glue security group to allow inbound traffic from the Amazon S3 VPC gateway endpoint.
• B. Configure an S3 bucket policy to explicitly grant the AWS Glue job permissions to access the S3 bucket.
• C. Review the AWS Glue job code to ensure that the AWS Glue connection details include a fully qualified domain name.
• D. Verify that the VPC's route table includes inbound and outbound routes for the Amazon S3 VPC gateway endpoint.

Correct answer: D

Explanation

The correct answer is D because having the appropriate routes in the VPC's route table is essential for the AWS Glue job to communicate with the S3 bucket through the VPC gateway endpoint. Option A is incorrect as modifying the security group alone does not address route table issues. Option B is not sufficient because a bucket policy alone does not resolve networking issues. Option C is irrelevant since the problem is related to VPC connectivity, not the job code.