AWS Certified Solutions Architect – Associate (SAA-C02) — Question 540

A solutions architect is creating an application. The application will run on Amazon EC2 instances in private subnets across multiple Availability Zones in a VPC.
The EC2 instances will frequently access large files that contain confidential information. These files are stored in Amazon S3 buckets for processing. The solutions architect must optimize the network architecture to minimize data transfer costs.
What should the solutions architect do to meet these requirements?

Answer options

• A. Create a gateway endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the gateway endpoint.
• B. Create a single NAT gateway in a public subnet. In the route tables for the private subnets, add a default route that points to the NAT gateway.
• C. Create an AWS PrivateLink interface endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the interface endpoint.
• D. Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.

Correct answer: A

Explanation

Creating a gateway endpoint for Amazon S3 is the most cost-effective solution because gateway endpoints do not incur hourly charges or data processing fees. In contrast, routing traffic through NAT gateways or AWS PrivateLink interface endpoints would result in high data transfer costs due to their per-GB processing fees when handling large files.