AWS Certified Solutions Architect – Associate (SAA-C02) — Question 265
A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.
Which solution meets these requirements?
Answer options
- A. Set up S3 bucket policies to allow access from a VPC endpoint.
- B. Set up an IAM policy to grant read-write access to the S3 bucket.
- C. Set up a NAT gateway to access resources outside the private subnet.
- D. Set up an access key ID and a secret access key to access the S3 bucket.
Correct answer: A
Explanation
A VPC endpoint for Amazon S3 enables EC2 instances to connect securely and privately to S3 buckets using internal AWS routing, bypassing the public internet. Restricting access via S3 bucket policies to only allow traffic from this specific VPC endpoint ensures that data remains secure and isolated. In contrast, NAT gateways route traffic over the internet, and IAM policies or access keys do not establish a private network pathway.
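As an added illustration (not part of the original question or AWS documentation), the Python below builds the kind of bucket policy option A describes, with an explicit Deny on `aws:sourceVpce`, and includes a minimal evaluator that mirrors how IAM treats that condition, showing why a request arriving via a NAT gateway is rejected even with valid credentials. The bucket name and VPC endpoint ID are placeholders.

```python
import json

# Placeholder identifiers (constructed for this example, not from the question).
BUCKET = "example-classified-bucket"
VPCE_ID = "vpce-0123456789abcdef0"


def build_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy denying any S3 request that did not arrive via vpce_id.

    An explicit Deny overrides every Allow, including the caller's IAM identity
    policy, so a path through a NAT gateway or the public internet is rejected
    regardless of which access keys are used. Caveat: this also blocks the AWS
    console and any service that does not traverse the endpoint.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def policy_json(bucket: str, vpce_id: str) -> str:
    """Serialised form, as passed to s3:PutBucketPolicy."""
    return json.dumps(build_bucket_policy(bucket, vpce_id), indent=2)


def is_denied(policy: dict, request_ctx: dict) -> bool:
    """Evaluate only the Deny statements and the StringNotEquals operator.

    IAM semantics for negated operators: if the condition key is absent from
    the request context (e.g. a NAT gateway path sets no aws:sourceVpce),
    StringNotEquals evaluates to true and the Deny applies.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        for operator, pairs in stmt.get("Condition", {}).items():
            if operator != "StringNotEquals":
                raise NotImplementedError(operator)
            for key, expected in pairs.items():
                if request_ctx.get(key) != expected:
                    return True
    return False
```

In a real deployment, the gateway endpoint's route-table entry is what makes `aws:sourceVpce` appear in the request context; the policy alone does not create the private path.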