AWS Certified Developer – Associate (DVA-C02) — Question 150
A company has multiple Amazon VPC endpoints in the same VPC. A developer needs to configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.
Which solution will meet these requirements?
Answer options
- A. Create multiple S3 bucket policies, one per VPC endpoint, each placing that endpoint's ID in an aws:SourceVpce StringNotEquals condition.
- B. Create a single S3 bucket policy with a StringNotEquals condition on aws:SourceVpc that uses the VPC ID.
- C. Create a single S3 bucket policy with a StringNotEquals condition on aws:SourceVpce that uses the wildcard value vpce*.
- D. Create a single S3 bucket policy with a StringNotEquals condition on aws:SourceVpce that lists multiple values, one for each VPC endpoint ID.
Correct answer: D
Explanation
The correct answer is D. A single Deny statement whose StringNotEquals condition on aws:SourceVpce lists every endpoint ID denies any request whose source endpoint matches none of the listed values. Because StringNotEquals is a negated operator, it also evaluates to true when the aws:SourceVpce key is absent from the request context, which is the case for requests that do not traverse a VPC endpoint at all, so those are denied as well. Option A is incorrect because a bucket has exactly one bucket policy; you cannot attach several. Option B uses aws:SourceVpc, which carries the VPC ID, so it would restrict access to the VPC as a whole rather than to the specific endpoints. Option C is incorrect because string operators such as StringNotEquals perform exact matching and do not interpret the wildcard in vpce*; even with StringNotLike, vpce* would match any VPC endpoint anywhere rather than the company's endpoints. One practical caveat: a Deny with "Principal": "*" also blocks administrators working from the console or from outside the VPC, so test the policy with a scoped-down version before applying it broadly.
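The policy that option D describes, together with a small evaluator for the StringNotEquals semantics it relies on, as an added example that is not part of the original question. The endpoint IDs, bucket name and request contexts below are constructed for illustration and are not from the question; the evaluator models only the single-key, negated-operator behaviour discussed above, not the full IAM evaluation logic.

```python
"""Single S3 bucket policy restricting access to several VPC endpoints.

Builds the Deny statement with all endpoint IDs in one aws:SourceVpce
condition array, then evaluates sample request contexts against it to show
which requests the policy blocks.  Identifiers are made up (assumption).
"""
import json

# Assumed values, not from the question: two endpoints in the same VPC.
ALLOWED_VPCES = ["vpce-0a1b2c3d4e5f67890", "vpce-0f9e8d7c6b5a43210"]
BUCKET_ARN = "arn:aws:s3:::example-private-bucket"


def build_bucket_policy(vpce_ids):
    """One policy, one Deny statement, every endpoint ID in one value list."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUnlessViaListedVpcEndpoints",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
                "Condition": {
                    "StringNotEquals": {"aws:SourceVpce": list(vpce_ids)}
                },
            }
        ],
    }


def policy_as_json(vpce_ids):
    """Serialised form ready for put-bucket-policy."""
    return json.dumps(build_bucket_policy(vpce_ids), indent=2)


def string_not_equals(context_value, policy_values):
    """StringNotEquals on a single-valued request key with several policy values.

    - Missing key: a negated operator evaluates to true.  A request that does
      not traverse any VPC endpoint carries no aws:SourceVpce, so the Deny
      applies to it.
    - Present key: true only if it differs from every listed value, i.e. the
      request came through an endpoint that is not on the list.
    """
    if context_value is None:
        return True
    return all(context_value != v for v in policy_values)


def is_denied(policy, request_context):
    """True if any Deny statement in the policy matches the request context."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        conditions = stmt.get("Condition", {}).get("StringNotEquals", {})
        # Several keys inside one condition block are ANDed together.
        if all(string_not_equals(request_context.get(key), values)
               for key, values in conditions.items()):
            return True
    return False


if __name__ == "__main__":
    policy = build_bucket_policy(ALLOWED_VPCES)
    print(policy_as_json(ALLOWED_VPCES))
    # Constructed request contexts: two listed endpoints, one unlisted
    # endpoint, and a request with no endpoint at all (public internet).
    samples = {
        "listed endpoint A": {"aws:SourceVpce": ALLOWED_VPCES[0]},
        "listed endpoint B": {"aws:SourceVpce": ALLOWED_VPCES[1]},
        "unlisted endpoint": {"aws:SourceVpce": "vpce-0123456789abcdef0"},
        "no endpoint (internet)": {},
    }
    for label, ctx in samples.items():
        print(f"{label:24s} denied={is_denied(policy, ctx)}")
```

Only the two listed endpoints pass; the unlisted endpoint and the endpoint-less request are both denied, the latter because the negated operator treats a missing key as a match. Before applying a policy like this to a real bucket, remember that the Deny also covers whoever is administering the bucket from outside those endpoints.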