Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 26 discussion

A company is building its website on AWS in a single VPC. The VPC has public subnets and private subnets in two Availability Zones. The website has static content such as images. The company is using Amazon S3 to store the content.
The company has deployed a fleet of Amazon EC2 instances as web servers in a private subnet. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer. The EC2 instances will serve traffic, and they must pull content from an S3 bucket to render the webpages. The company is using AWS Direct Connect with a public VIF for on-premises connectivity to the S3 bucket.
A network engineer notices that traffic between the EC2 instances and Amazon S3 is routing through a NAT gateway. As traffic increases, the company's costs are increasing. The network engineer needs to change the connectivity to reduce the NAT gateway costs that result from the traffic between the EC2 instances and Amazon S3.
Which solution will meet these requirements?

  • A. Create a Direct Connect private VIF. Migrate the traffic from the public VIF to the private VIF.
  • B. Create an AWS Site-to-Site VPN tunnel over the existing public VIF.
  • C. Implement interface VPC endpoints for Amazon S3. Update the VPC route table.
  • D. Implement gateway VPC endpoints for Amazon S3. Update the VPC route table.
Suggested Answer: D 🗳️
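
Added example, not part of the original question or discussion: a small model of the private subnet's route table showing how the route added for a gateway VPC endpoint (option D) takes S3 traffic off the NAT gateway while other internet-bound traffic still uses it. The resource IDs, prefix-list CIDRs and flow sizes are constructed placeholders, and route selection is modelled as longest-prefix match.

```python
import ipaddress

# Constructed placeholders: real S3 prefix-list CIDRs and resource IDs differ per Region/account.
PREFIX_LISTS = {"pl-EXAMPLE-s3": ["198.51.100.0/24", "203.0.113.0/24"]}

PRIVATE_RT_BEFORE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-EXAMPLE"),
]
# Associating a gateway endpoint with the route table adds one prefix-list route.
PRIVATE_RT_AFTER = PRIVATE_RT_BEFORE + [("pl-EXAMPLE-s3", "vpce-EXAMPLE")]

# Constructed flows from a private-subnet web server: (destination IP, bytes).
FLOWS = [
    ("198.51.100.20", 900_000_000),  # S3 object fetches
    ("203.0.113.7", 400_000_000),    # S3 object fetches
    ("192.0.2.50", 5_000_000),       # non-S3 internet API, still needs the NAT gateway
    ("10.0.3.15", 1_000_000),        # intra-VPC traffic
]


def expand(route_table):
    """Yield (network, target), expanding prefix-list destinations into their CIDRs."""
    for dest, target in route_table:
        for cidr in PREFIX_LISTS.get(dest, [dest]):
            yield ipaddress.ip_network(cidr), target


def next_hop(route_table, dst_ip):
    """Return the target of the most specific matching route, or None if no route matches."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(net.prefixlen, target) for net, target in expand(route_table) if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def nat_bytes(route_table, flows):
    """Sum the bytes of flows whose next hop is the NAT gateway (the billed data processing)."""
    return sum(size for dst, size in flows
               if (next_hop(route_table, dst) or "").startswith("nat-"))


if __name__ == "__main__":
    for name, rt in (("before", PRIVATE_RT_BEFORE), ("after", PRIVATE_RT_AFTER)):
        hops = {dst: next_hop(rt, dst) for dst, _ in FLOWS}
        print(name, hops, "NAT bytes:", nat_bytes(rt, FLOWS))
```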

Comments

navi7
Highly Voted 1 year, 6 months ago
I think it should be D https://aws.amazon.com/premiumsupport/knowledge-center/vpc-reduce-nat-gateway-transfer-costs/ Determine whether the majority of your NAT gateway charges are from traffic to Amazon Simple Storage Service or Amazon DynamoDB in the same Region. If they are, then set up a gateway VPC endpoint. Route traffic to and from the AWS resource through the gateway VPC endpoint, rather than through the NAT gateway. There's no processing or hourly charges for using gateway VPC endpoints.
upvoted 8 times
...
zaazanuna
Highly Voted 1 year, 6 months ago
Correction - D - correct.
upvoted 5 times
...
seochan
Most Recent 3 months, 3 weeks ago
C is not possible because you have to use the endpoint IP to connect to S3 if you are using a VPC interface endpoint (PrivateLink). It cannot be configured by updating the VPC route table.
upvoted 1 times
...
Raphaello
5 months, 2 weeks ago
Selected Answer: D
VPC Gateway endpoint to keep traffic for S3 within AWS backbone network. D is the correct answer.
upvoted 1 times
...
Marfee400704
7 months, 1 week ago
I think that the correct answer is D according to SPOTO products.
upvoted 1 times
...
marfee
7 months, 2 weeks ago
I think that the correct answer is D.
upvoted 1 times
...
dishu2511
9 months, 1 week ago
I think it is C and not D. Because with S3 Gateway you are still using NAT GW; yes, it is cheaper than VPC endpoint. But the question specifically asks to reduce the cost of NAT GW. VPC endpoint provides a private IP, thus the traffic between EC2 and S3 can be served without the NAT GW.
upvoted 1 times
...
Arad
10 months, 4 weeks ago
Selected Answer: D
Definitely D.
upvoted 1 times
...
habros
11 months, 1 week ago
Selected Answer: D
D. EC2 can call gateway endpoints, without the need for ENIs (interface) based endpoints. Interface endpoints cost $ by the hour and traffic charges. Gateway is free (S3/DynamoDB).
upvoted 1 times
...
[Removed]
1 year, 2 months ago
Selected Answer: D
D = Most cost effective. Gateway VPC endpoints are more cost-effective than interface VPC endpoints because they do not require NAT gateways or VPN connections. Gateway endpoints are also free to create and use.
upvoted 1 times
...
alextl
1 year, 3 months ago
Selected Answer: D
Both C and D could reduce NAT Gateway cost, but D gateway endpoint no cost, C interface endpoint was priced at $0.01/per AZ/per hour, the cost depends on region. So D is better than C. https://aws.amazon.com/cn/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 1 times
...
Untamables
1 year, 5 months ago
Selected Answer: D
D. To reduce data transfer charges for NAT gateways, you can use an interface endpoint or a gateway endpoint. https://repost.aws/knowledge-center/vpc-reduce-nat-gateway-transfer-costs If your NAT gateway charges are from traffic to Amazon S3 or Amazon DynamoDB in the same Region, you should choose a gateway endpoint. There is no additional charge for using gateway endpoints. On the other hand, interface endpoint charges apply for each gigabyte processed through the endpoint. https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html https://aws.amazon.com/privatelink/pricing/
upvoted 4 times
...
linuxek21
1 year, 5 months ago
Correct Answer is D, As per documentation: Amazon S3 supports both gateway endpoints and interface endpoints. With a gateway endpoint, you can access Amazon S3 from your VPC, without requiring an internet gateway or NAT device for your VPC, and with no additional cost. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html For those concerned about on-prem, this is not an issue when you use a public VIF
upvoted 2 times
...
ITgeek
1 year, 5 months ago
Selected Answer: D
correct answer to this question is D. Implement gateway VPC endpoints for Amazon S3 and update the VPC route table. This solution will allow the EC2 instances to access the S3 bucket directly without having to go through a NAT gateway, reducing costs. Additionally, gateway endpoints provide greater scalability and performance than interface endpoints, making them the preferred solution for high-traffic use cases such as this one.
upvoted 2 times
...
ILOVEVODKA
1 year, 5 months ago
C is correct. Read carefully to get why: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
upvoted 2 times
slackbot
1 year, 5 months ago
you need to read carefully, gateway endpoint is cheaper (you pay for traffic via interface endpoint, while traffic over gateway endpoint is free)
upvoted 1 times
...
...
flowers00
1 year, 6 months ago
D - correct.
upvoted 4 times
...
zaazanuna
1 year, 6 months ago
C - correct. Option D, implementing gateway VPC endpoints for Amazon S3 and updating the VPC route table, would not meet the requirements. Gateway endpoints allow communication with S3 via the S3 APIs and are intended for accessing S3 over the Internet Gateway or Virtual Private Gateway. They do not help reduce the NAT gateway costs or provide a cost-effective solution for the company's requirements.
upvoted 2 times
smyndlo
1 year, 5 months ago
Interface endpoints do not require route table configuration, so option C is wrong on that aspect. Also, gateway endpoints have zero costs associated with them, while interface endpoints incur charges
upvoted 2 times
ILOVEVODKA
1 year, 5 months ago
look: However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost
upvoted 1 times
smyndlo
1 year, 5 months ago
Quoting the question "reduce the NAT gateway costs that result from the traffic between the EC2 instances and Amazon S3." The point of concern is between EC2 instances and s3, not on-prem...besides, the question does state that there is a public vif that is used by on-prem nodes
upvoted 3 times
...
...
...
...