AWS Certified Solutions Architect – Professional — Question 822

A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with a job scheduler and grid nodes. Multiple grids could be running in parallel.
Key requirements are:
✑ Grid instances must communicate with Amazon S3 to retrieve data to be processed.
✑ Grid instances must communicate with Amazon DynamoDB to track intermediate data.
✑ The job scheduler needs only to communicate with the Amazon EC2 API to start new grid nodes.
A key requirement is that the environment has no access to the internet, either directly or via the on-premises proxy. However, the application needs to be able to communicate seamlessly with Amazon S3, Amazon DynamoDB, and the Amazon EC2 API, without the need for reconfiguration for each new deployment.
Which of the following should the Solutions Architect do to achieve this target architecture? (Choose three.)

Answer options

Correct answer: A, E, F

Explanation

To reach AWS services from a VPC with no internet route, the traffic has to stay on the AWS network through VPC endpoints. Amazon S3 and Amazon DynamoDB are served by Gateway VPC Endpoints: each one is a prefix-list route added to the private route table, so any instance in an associated subnet reaches the regional S3 or DynamoDB service hostname without a NAT gateway, internet gateway or proxy. The EC2 API has no gateway endpoint, so it needs an Interface VPC Endpoint (AWS PrivateLink), which places elastic network interfaces in the private subnets and, with Private DNS enabled, makes the default regional hostname ec2.<region>.amazonaws.com resolve to those ENIs. Because the SDK's default hostnames keep working, nothing in the job scheduler or grid-node configuration changes from one VPC deployment to the next.

Attaching an endpoint policy to the S3 gateway endpoint restricts which principals, actions and buckets may pass through that endpoint, so it can be locked down to the grid-node role and the read actions the nodes need. This complements, and does not replace, the IAM policies on the instance roles and any bucket policies; the request must be allowed by all of them.

Disabling Private DNS on the EC2 interface endpoint, or hand-editing S3 endpoint DNS settings, would force every new deployment to carry endpoint-specific hostnames in its configuration, which is exactly the reconfiguration the requirements rule out. Two practical checks: the VPC must have DNS resolution and DNS hostnames enabled, or Private DNS on the interface endpoint cannot be turned on, and gateway endpoints only serve S3 buckets and DynamoDB tables in the same Region as the VPC.
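The target architecture as one deployable template, added here as a worked example (it is not from the original question or from AWS documentation). It assumes the VPC, private route table, private subnets, the grid-node IAM role and the scheduler's security group already exist and are passed in as parameters; every parameter and resource name is an assumption. The S3 endpoint policy restricts the endpoint to the grid-node role using the aws:PrincipalArn condition rather than a role ARN in Principal, which is the form AWS documents for endpoint policies. The EC2 endpoint keeps Private DNS on and limits its policy to the calls a scheduler needs to launch nodes.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not the question's own material): private access to S3,
  DynamoDB and the EC2 API for an analytics grid VPC with no internet route.
  All parameter and resource names are assumptions.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateRouteTableId:
    Type: String
    Description: Route table used by the grid subnets (no 0.0.0.0/0 route)
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  GridNodeRoleArn:
    Type: String
    Description: IAM role assumed by grid-node instances (assumed name)
  SchedulerSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group of the job-scheduler instance

Resources:
  # Gateway endpoint for S3: installs a prefix-list route in the private
  # route table, so nodes reach the regional S3 hostname with no NAT/IGW.
  S3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcEndpointType: Gateway
      RouteTableIds:
        - !Ref PrivateRouteTableId
      # Endpoint policy: only the grid-node role may pass through this
      # endpoint, and only for the read actions the nodes need.
      # IAM policies on the role and any bucket policy still apply.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - s3:GetObject
              - s3:ListBucket
            Resource: "*"
            Condition:
              StringEquals:
                aws:PrincipalArn: !Ref GridNodeRoleArn

  # Gateway endpoint for DynamoDB, same route-table mechanism as S3.
  DynamoDBEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.dynamodb
      VpcEndpointType: Gateway
      RouteTableIds:
        - !Ref PrivateRouteTableId

  # Only the scheduler may open HTTPS to the EC2 API endpoint ENIs.
  Ec2EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS to the EC2 API interface endpoint from the scheduler
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref SchedulerSecurityGroupId

  # Interface endpoint (PrivateLink) for the EC2 API. Private DNS stays on so
  # ec2.<region>.amazonaws.com resolves to the endpoint ENIs and the SDK needs
  # no endpoint override in any deployment.
  Ec2ApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ec2
      VpcEndpointType: Interface
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref Ec2EndpointSecurityGroup
      PrivateDnsEnabled: true
      # Least privilege at the endpoint: launching and tagging grid nodes only.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - ec2:RunInstances
              - ec2:DescribeInstances
              - ec2:CreateTags
            Resource: "*"
```

Deploy this template with the VPC stack each time a grid is created; because it only references the regional service names, the same template works unchanged in every new VPC. Before creation, the VPC must have DNS support and DNS hostnames enabled or the PrivateDnsEnabled setting fails. To confirm the gateway endpoints took effect, describe the private route table and check for routes whose target is the vpce- ID of each endpoint; from a grid node, an S3 GetObject should succeed while any request to a non-AWS hostname times out.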