AWS Certified Database – Specialty — Question 113

A company has applications running on Amazon EC2 instances in a private subnet with no internet connectivity. The company deployed a new application that uses Amazon DynamoDB, but the application cannot connect to the DynamoDB tables. A developer already checked that all permissions are set correctly.
What should a database specialist do to resolve this issue while minimizing access to external resources?

Answer options

• A. Add a route to an internet gateway in the subnet's route table.
• B. Add a route to a NAT gateway in the subnet's route table.
• C. Assign a new security group to the EC2 instances with an outbound rule to ports 80 and 443.
• D. Create a VPC endpoint for DynamoDB and add a route to the endpoint in the subnet's route table.

Correct answer: D

Explanation

Creating a VPC endpoint for DynamoDB allows the EC2 instances in the private subnet to securely access DynamoDB without needing an internet connection. The other options either require internet access or do not specifically address the need to connect to DynamoDB from a private subnet.