Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 612 discussion

The solution that will meet these requirements is to: Configure a VPC endpoint for Amazon S3 Update the S3 bucket policy to allow access from the VPC endpoint Update the application to use the new VPC endpoint The key reasons are: VPC endpoints allow private connectivity from VPCs to AWS services like S3 without using an internet gateway. The application can connect to S3 through the VPC endpoint while remaining in the private subnet, without internet access.

D. VPC endpoint = not internet, direct access from VPC to S3

https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html

Answer is D

application must not use the internet to connect to the S3 bucket = VPC endpoint

VPC Endpoint for S3.

D is the correct...https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html

VPC endpoint enables communication between VPC subnet and S3 bucket.

A VPC endpoint is a managed endpoint in your VPC that is connected to a public AWS service. It provides a private connection between your VPC and the service, and it does not require an internet gateway or a NAT device. Option A (internet gateway) would involve exposing the S3 bucket to the internet, which is not recommended for security reasons. Option B (VPN connection) would require additional setup and would still involve traffic going over the internet. Option C (NAT gateway) is used for outbound internet access from private subnets, not for accessing S3 without the internet.