A company is using AWS to run a long-running analysis process on data that is stored in Amazon S3 buckets. The process runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The EC2 instances are deployed in a private subnet of a VPC that does not have internet access. The EC2 instances and the S3 buckets are in the same AWS account.
The EC2 instances access the S3 buckets through an S3 gateway endpoint that has the default access policy. Each EC2 instance is associated with an instance profile role that has a policy that explicitly allows the s3:GetObject action and the s3:PutObject action for only the required S3 buckets.
The company learns that one or more of the EC2 instances are compromised and are exfiltrating data to an S3 bucket that is outside the company's organization in AWS Organizations. A security engineer must implement a solution to stop this exfiltration of data and to keep the EC2 processing job functional.
Which solution will meet these requirements?
kejam
Highly Voted 1 year agoNoCrapEva
9 months, 3 weeks agoAgboolaKun
1 year agoRaphaello
9 months, 2 weeks ago1c7c461
Highly Voted 11 months, 3 weeks agoIPLogic
Most Recent 1 day, 21 hours agomzeynalli
3 weeks, 4 days agojakie22332
4 weeks, 1 day agoicecool36
7 months ago9bb8cb3
7 months, 2 weeks agoion_gee
8 months agoNoexperience
9 months, 1 week agobkbaws
9 months, 1 week agoRaphaello
9 months, 4 weeks agoLazyAutonomy
10 months agoLazyAutonomy
10 months agomark16dc
10 months agoRNan
11 months agoDaniel76
11 months, 1 week agoDebbieB67
11 months, 1 week agoyorkicurke
11 months, 2 weeks ago