AWS Certified Machine Learning Engineer – Associate (MLA-C01) — Question 87

A company shares Amazon SageMaker Studio notebooks that are accessible through a VPN. The company must enforce access controls to prevent malicious actors from exploiting presigned URLs to access the notebooks.

Which solution will meet these requirements?

Answer options

• A. Set up Studio client IP validation by using the aws:sourceIp IAM policy condition.
• B. Set up Studio client VPC validation by using the aws:sourceVpc IAM policy condition.
• C. Set up Studio client role endpoint validation by using the aws:PrimaryTag IAM policy condition.
• D. Set up Studio client user endpoint validation by using the aws:PrincipalTag IAM policy condition.

Correct answer: A

Explanation

The correct answer, A, is effective because it restricts access based on the client's IP address, ensuring only authorized users can access the notebooks. Options B, C, and D do not provide the necessary control over IP addresses, which is crucial for preventing unauthorized access via presigned URLs.