AWS Certified Solutions Architect – Associate (SAA-C03) — Question 759
A company’s website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.
Which solution meets these requirements?
Answer options
- A. Set up S3 bucket policies to allow access from a VPC endpoint.
- B. Set up an IAM policy to grant read-write access to the S3 bucket.
- C. Set up a NAT gateway to access resources outside the private subnet.
- D. Set up an access key ID and a secret access key to access the S3 bucket.
Correct answer: A
Explanation
A VPC endpoint for Amazon S3 (normally a gateway endpoint, added as a route in the private subnet's route table) gives the EC2 instances a path to S3 that stays on the AWS network rather than going out to S3's public endpoints over the internet. The bucket policy is the enforcement half of that design: a statement that denies any request whose aws:SourceVpce does not match the endpoint makes the bucket reachable only over that private path, so a credential leaked off the instance cannot be used against the bucket from elsewhere. The other options address authorization or outbound routing, not the network path. An IAM policy (B) and an access key pair (D) decide who may call S3 but say nothing about how the request reaches it, and a NAT gateway (C) exists precisely to send private-subnet traffic out to the internet, which is what the requirement rules out.
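The bucket-policy side of option A, as an added worked example (this is not code from the exam or from AWS documentation; the bucket name and the endpoint ID are assumed placeholders). It builds the policy and pairs it with a small evaluator for the one operator the policy uses, so you can see why a request via the endpoint passes while the same request via a NAT gateway, where the aws:SourceVpce key is simply absent, is denied:

```python
"""Bucket policy that restricts an S3 bucket to one VPC endpoint, plus a
minimal evaluator showing why requests arriving by other paths are denied.
Example code added for this page; bucket name and endpoint ID are placeholders."""
import fnmatch
import json

# Assumed identifiers (placeholders, not from the question text).
BUCKET = "classified-data-bucket"
VPC_ENDPOINT_ID = "vpce-0123456789abcdef0"


def build_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Explicit Deny for every S3 call on the bucket unless the request's
    aws:SourceVpce key equals the permitted endpoint ID.

    StringNotEquals is a negated operator: when the key is absent from the
    request context (a request from the internet, e.g. via a NAT gateway or
    the console) the condition is treated as true and the Deny applies."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUnlessFromVpcEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    f"arn:aws:s3:::{bucket}",
                    f"arn:aws:s3:::{bucket}/*",
                ],
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            }
        ],
    }


def policy_document(bucket: str, vpce_id: str) -> str:
    """JSON text suitable for `aws s3api put-bucket-policy --policy file://...`."""
    return json.dumps(build_bucket_policy(bucket, vpce_id), indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_denied(policy: dict, action: str, resource: str, context: dict) -> bool:
    """Simplified IAM evaluation covering only explicit Deny statements and
    the StringNotEquals operator, which is all this policy uses. An explicit
    Deny always wins over any Allow, so a matching Deny decides the request.
    `context` holds the request's condition keys, e.g. {"aws:SourceVpce": ...}."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        # Every condition in the statement must hold for the Deny to apply.
        applies = True
        for key, expected in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
            actual = context.get(key)
            # A missing key counts as "not equal" under a negated operator.
            if actual is not None and actual in _as_list(expected):
                applies = False
                break
        if applies:
            return True
    return False


if __name__ == "__main__":
    policy = build_bucket_policy(BUCKET, VPC_ENDPOINT_ID)
    obj = f"arn:aws:s3:::{BUCKET}/reports/q1.csv"
    print(policy_document(BUCKET, VPC_ENDPOINT_ID))
    via_vpce = is_denied(policy, "s3:GetObject", obj, {"aws:SourceVpce": VPC_ENDPOINT_ID})
    via_nat = is_denied(policy, "s3:GetObject", obj, {})  # no endpoint key at all
    print("via endpoint:", "DENIED" if via_vpce else "not denied by this policy")
    print("via NAT gateway:", "DENIED" if via_nat else "not denied by this policy")
```

Two caveats before applying something like this for real. The policy does not create the private path; the gateway endpoint must exist and be associated with the private subnet's route table, or the instances will still try to reach S3 through whatever default route they have. And because the Deny also blocks the AWS console, the CLI on a laptop and a mistyped endpoint ID, test it on a scratch bucket first and keep an administrative path that can still reach the bucket.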