A company is using AWS to run a long-running analysis process on data that is stored in Amazon S3 buckets. The process runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The EC2 instances are deployed in a private subnet of a VPC that does not have internet access. The EC2 instances and the S3 buckets are in the same AWS account.
The EC2 instances access the S3 buckets through an S3 gateway endpoint that has the default access policy. Each EC2 instance is associated with an instance profile role that has a policy that explicitly allows the s3:GetObject action and the s3:PutObject action for only the required S3 buckets.
The company learns that one or more of the EC2 instances are compromised and are exfiltrating data to an S3 bucket that is outside the company's organization in AWS Organizations. A security engineer must implement a solution to stop this exfiltration of data and to keep the EC2 processing job functional.
Which solution will meet these requirements?
kejam
Highly Voted 11 months agoNoCrapEva
7 months, 3 weeks agoAgboolaKun
10 months, 3 weeks agoRaphaello
7 months, 2 weeks ago1c7c461
Highly Voted 9 months, 3 weeks agoicecool36
Most Recent 5 months ago9bb8cb3
5 months, 2 weeks agoion_gee
6 months agoNoexperience
7 months, 1 week agobkbaws
7 months, 1 week agoRaphaello
7 months, 4 weeks agoLazyAutonomy
8 months agoLazyAutonomy
8 months agomark16dc
8 months agoRNan
9 months agoDaniel76
9 months, 1 week agoDebbieB67
9 months, 1 week agoyorkicurke
9 months, 2 weeks agoOralinux
9 months, 3 weeks agoWeepingMaplte
9 months, 4 weeks agoAamee
10 months ago