AWS Certified SysOps Administrator – Associate (legacy) — Question 743

A SysOps administrator is testing a new batch job. The batch job will upload 20 GB of data from Amazon EC2 instances in a private subnet to an Amazon S3 bucket each day. After the first test is complete, a small cost is reported. The cost has the heading `NAT Gateway - Data Processed.`
Which change can the SysOps administrator make to eliminate this cost for future tests?

Answer options

• A. Configure and use a VPC endpoint.
• B. Write an S3 bucket policy to enforce encryption in transit for the uploads.
• C. Configure the S3 bucket to use the S3 Intelligent-Tiering storage class.
• D. Disable cross-origin resource sharing (CORS) for the S3 bucket.

Correct answer: A

Explanation

Configuring a VPC gateway endpoint for Amazon S3 allows traffic to route directly from the private subnet to S3 over the AWS internal network, completely bypassing the NAT Gateway and eliminating its data processing charges. Other options, such as enforcing encryption in transit, changing the storage class, or disabling CORS, do not alter the network path and therefore will not prevent NAT Gateway fees.