A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps Administrator take to meet these requirements?
A) Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
B) Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.
C) Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.
D) Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.
Correct Answer:
Verified