Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 555 discussion

An interface VPC endpoint is a private way to connect to AWS services without having to expose your VPC to the public internet. This is the most secure way to connect to Amazon SQS from the private subnets. Configuring the endpoint to use the private subnets ensures that the traffic between the EC2 instances and the SQS queue is only within the VPC. This helps to protect the traffic from being intercepted by a malicious actor. Adding a security group to the endpoint that has an inbound access rule that allows traffic from the EC2 instances that are in the private subnets further restricts the traffic to only the authorized sources. This helps to prevent unauthorized access to the SQS queue.

A is correct. B,C: 'Configuring endpoints to use public subnets' --> Invalid D: No Gateway Endpoint for SQS.

BC are using public subnets so not useful for security D uses gateway endpoint which is not useful to connect to SQS A: https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html

A seems the most suitable, but security group can't add to the endpoint derectly, right?

Answer is A

Interface endpoints enable connectivity to services over AWS PrivateLink. It is a collection of one or more elastic network interfaces with a private IP address that serves as an entry point for traffic destined to a supported service. Implement an interface VPC endpoint for Amazon SQS. Configure the endpoint to use the private subnets. Add to the endpoint a security group that has an inbound access rule that allows traffic from the EC2 instances that are in the private subnets.

A is correct

I think its A