AWS Certified SysOps Administrator – Associate — Question 174
A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not have outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region.
Which solution will solve this problem?
Answer options
- A. Update the EC2 instance role policy to include s3:PutObject access to the target S3 bucket.
- B. Update the EC2 security group to allow outbound traffic to 0.0.0.0/0 for port 80.
- C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.
- D. Update the S3 bucket policy to allow s3:PutObject access from the private subnet CIDR block.
Correct answer: C
Explanation
The correct answer is C because adding a route whose destination is the S3 prefix list and whose target is the S3 gateway endpoint lets traffic from the private subnet reach the gateway endpoint without needing internet access. Option A does not address the routing issue; option B allows outbound traffic that is not necessary for a gateway endpoint (and the private subnet has no internet path anyway); option D concerns bucket permissions rather than network connectivity.