AWS Certified Solutions Architect – Professional (SAP-C02) — Question 215
A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
Answer options
- A. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.
- B. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC.
- C. Create an Amazon S3 interface endpoint in the networking account.
- D. Create an Amazon S3 gateway endpoint in the networking account.
- E. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account.
Correct answer: A, C
Explanation
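The correct answers, A and C, keep the transfer to S3 private so that the data never traverses the internet. Option A establishes a dedicated AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC in the networking account. Option C creates an S3 interface endpoint, which gives S3 private IP addresses inside that VPC that on-premises systems can reach over the private VIF. The other options either fail the private-transfer requirement or are misconfigured. A public VIF (option B) connects to public AWS service endpoints rather than to a VPC. A gateway endpoint (option D) is the wrong endpoint type here, because it is reachable only from resources inside the VPC and not from on-premises networks.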