AWS Certified Solutions Architect – Associate (SAA-C02) — Question 716
A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.
How can the solutions architect meet this requirement?
Answer options
- A. Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it.
- B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets.
- C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets.
- D. Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets.
Correct answer: D
Explanation
Deploying a VPC gateway endpoint for Amazon S3 enables direct, private connectivity between the VPC and S3 without traversing the public internet, which eliminates regional data transfer charges. Utilizing an internet gateway or NAT gateway for S3 traffic results in standard data transfer and processing fees, making them cost-inefficient. Amazon API Gateway is not designed for routing direct VPC-to-S3 storage traffic to reduce transfer costs.