AWS Certified Solutions Architect – Associate (SAA-C02) — Question 29
A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet.
What should the solutions architect do to accomplish this? (Choose two.)
Answer options
- A. Create a route table entry for the endpoint.
- B. Create a gateway endpoint for DynamoDB.
- C. Create a new DynamoDB table that uses the endpoint.
- D. Create an ENI for the endpoint in each of the subnets of the VPC.
- E. Create a security group entry in the default security group to provide access.
Correct answer: A, B
Explanation
A gateway endpoint for DynamoDB lets the EC2 instances reach DynamoDB without routing traffic over the internet, which keeps the API calls on a private path. A route table entry for the endpoint is also required so that DynamoDB traffic from the subnets is directed to the endpoint. The other options do not provide private connectivity to the DynamoDB service.