AWS Certified Solutions Architect – Associate (SAA-C03) — Question 19
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3?
Answer options
- A. Create a gateway VPC endpoint to the S3 bucket.
- B. Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket.
- C. Create an instance profile on Amazon EC2 to allow S3 access.
- D. Create an Amazon API Gateway API with a private link to access the S3 endpoint.
Correct answer: A
Explanation
The correct answer is A: a gateway VPC endpoint gives the EC2 instance private access to the S3 bucket without requiring internet connectivity. Option B does not provide a direct way to access S3 privately. Option C only grants permissions; it does not establish network connectivity. Option D involves API Gateway, which is unnecessary for direct S3 access.