The reasons are:
A gateway endpoint for DynamoDB enables private connectivity between DynamoDB and the VPC. This allows EC2 instances to access DynamoDB APIs without traversing the internet.
A security group entry is needed to allow the EC2 instances access to the DynamoDB endpoint over the VPC.
An interface endpoint is used for services like S3 and Systems Manager, not DynamoDB.
Route table entries route traffic within a VPC but do not affect external connectivity.
Elastic network interfaces are not needed for gateway endpoints.
"The outbound rules for the security group for instances that access DynamoDB through the gateway endpoint must allow traffic to DynamoDB", https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html
The option, however, is talking about the security group of the endpoint.
A & B are correct
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html
E is incorrect. There's no need for a security group.
From the URL above:
"Once the VPC subnet’s gateway endpoint has been granted access to DynamoDB, any AWS account with access to that subnet can use DynamoDB."
C & D are both not relevant. D looks ok but DynamoDB doesn't go with security group, it only allows route table for VPC endpoint. Link here: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html
Sorry, E not D. E looks ok but DynamoDB doesn't go with security group, it only allows route table for VPC endpoint. Link here: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html
DynamoDB can only be connected via Gateway endpoint (just like S3)
route table for connecting the VPC to the endpoint
So do B then A
C: interface endpoint for EC2 to what?
D: ENI not applicable here for VPC
E: Incomplete option as to access to what?
A. Create a route table entry for the endpoint: This is not necessary, as the gateway endpoint itself automatically creates the required route table entries.
https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html#vpc-endpoints-routing
Traffic from your VPC to Amazon S3 or DynamoDB is routed to the gateway endpoint. Each subnet route table must have a route that sends traffic destined for the service to the gateway endpoint using the prefix list for the service.
You can access Amazon DynamoDB from your VPC using gateway VPC endpoints. After you create the gateway endpoint, you can add it as a target in your route table for traffic destined from your VPC to DynamoDB.
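The routing requirement quoted above can be checked offline against saved `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables` output. The following Python is an added example, not code from any commenter or from AWS; every ID in it is a constructed placeholder, and it assumes a single VPC.

```python
# Constructed sample data in the shape of describe-vpc-endpoints /
# describe-route-tables output. All IDs are placeholders.
ENDPOINTS = [{"VpcEndpointId": "vpce-0example", "VpcEndpointType": "Gateway",
              "ServiceName": "com.amazonaws.us-east-1.dynamodb",
              "State": "available", "RouteTableIds": ["rtb-0aaa"]}]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0main", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-0aaa",
     "Associations": [{"Main": False, "SubnetId": "subnet-0app1"}],
     "Routes": [LOCAL, {"DestinationPrefixListId": "pl-0example",
                        "GatewayId": "vpce-0example"}]},
    {"RouteTableId": "rtb-0bbb",
     "Associations": [{"Main": False, "SubnetId": "subnet-0app2"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0example"}]},
]

def dynamodb_gateway_ids(endpoints):
    """IDs of available gateway endpoints for the DynamoDB service."""
    return {e["VpcEndpointId"] for e in endpoints
            if e["VpcEndpointType"] == "Gateway"
            and e["ServiceName"].endswith(".dynamodb")
            and e["State"].lower() == "available"}

def route_table_for(subnet_id, route_tables):
    """Explicitly associated table, else the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def subnets_missing_route(subnets, endpoints, route_tables):
    """Subnets whose effective route table has no prefix-list route
    targeting a DynamoDB gateway endpoint."""
    gateways = dynamodb_gateway_ids(endpoints)
    missing = []
    for subnet in subnets:
        rt = route_table_for(subnet, route_tables)
        routes = rt["Routes"] if rt else []
        if not any(r.get("DestinationPrefixListId")
                   and r.get("GatewayId") in gateways for r in routes):
            missing.append(subnet)
    return missing
```

Here `subnet-0app2` reaches DynamoDB only through its NAT route, and `subnet-0app3` (used in the check as a subnet with no explicit association) falls back to the main route table, which was not associated with the endpoint.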