AWS Certified Solutions Architect – Professional — Question 436
You are implementing AWS Direct Connect. You intend to use AWS public service endpoints such as Amazon S3, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider.
What is the correct way to configure AWS Direct Connect for access to services such as Amazon S3?
Answer options
- A. Configure a public interface on your AWS Direct Connect link. Configure a static route via your AWS Direct Connect link that points to Amazon S3. Advertise a default route to AWS using BGP.
- B. Create a private interface on your AWS Direct Connect link. Configure a static route via your AWS Direct Connect link that points to Amazon S3. Configure specific routes to your network in your VPC.
- C. Create a public interface on your AWS Direct Connect link. Redistribute BGP routes into your existing routing infrastructure; advertise specific routes for your network to AWS.
- D. Create a private interface on your AWS Direct Connect link. Redistribute BGP routes into your existing routing infrastructure and advertise a default route to AWS.
Correct answer: C
Explanation
To connect to public AWS services like Amazon S3 via AWS Direct Connect, a public virtual interface (VIF) is required, which eliminates options B and D. By propagating the BGP routes received from AWS into your internal routing infrastructure and advertising your specific public prefixes to AWS, traffic destined for AWS public endpoints is routed correctly over the Direct Connect link. Advertising a default route to AWS, as suggested in option A, would incorrectly redirect all other general internet traffic away from your ISP and toward AWS.