
Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 667 discussion

A company is moving its data and applications to AWS during a multiyear migration project. The company wants to securely access data on Amazon S3 from the company's AWS Region and from the company's on-premises location. The data must not traverse the internet. The company has established an AWS Direct Connect connection between its Region and its on-premises location.

Which solution will meet these requirements?

  • A. Create gateway endpoints for Amazon S3. Use the gateway endpoints to securely access the data from the Region and the on-premises location.
  • B. Create a gateway in AWS Transit Gateway to access Amazon S3 securely from the Region and the on-premises location.
  • C. Create interface endpoints for Amazon S3. Use the interface endpoints to securely access the data from the Region and the on-premises location.
  • D. Use an AWS Key Management Service (AWS KMS) key to access the data securely from the Region and the on-premises location.
Suggested Answer: C

Comments

Ernestokoro
Highly Voted 11 months ago
Ans is C: >>You can access Amazon S3 from your VPC using gateway VPC endpoints. After you create the gateway endpoint, you can add it as a target in your route table for traffic destined from your VPC to Amazon S3. There is no additional charge for using gateway endpoints. Amazon S3 supports both gateway endpoints and interface endpoints. With a gateway endpoint, you can access Amazon S3 from your VPC, without requiring an internet gateway or NAT device for your VPC, and with no additional cost. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. For more information, see Types of VPC endpoints for Amazon S3 in the Amazon S3 User Guide. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
upvoted 7 times
...
MatAlves
Most Recent 1 month, 2 weeks ago
Gateway Endpoint -> only within same VPC
Interface Endpoint -> On-premises (VPN or Direct Connect), or different Region over VPC peering.
upvoted 1 times
...
Gape4
4 months ago
Selected Answer: C
Please C
upvoted 1 times
...
1Alpha1
9 months ago
Selected Answer: C
Gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
upvoted 2 times
...
awsgeek75
9 months, 4 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html With AWS PrivateLink for Amazon S3, you can provision interface VPC endpoints (interface endpoints) in your virtual private cloud (VPC). These endpoints are directly accessible from applications that are on premises over VPN and AWS Direct Connect, or in a different AWS Region over VPC peering.
upvoted 3 times
...
pentium75
10 months, 1 week ago
Selected Answer: C
Not A, Gateway endpoint can be accessed only from inside the VPC it's in
Not B, Transit Gateway alone won't help
Not D, KMS has nothing to do with this
upvoted 3 times
...
fea9bdf
10 months, 1 week ago
Answer seems to be C. Gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. For more information, see Types of VPC endpoints for Amazon S3 in the Amazon S3 User Guide.
upvoted 3 times
...
ale_brd_111
10 months, 2 weeks ago
Selected Answer: C
Gateway endpoint uses public IP address even if traffic does not directly route through the internet; also, they are not meant to be used from on-premises. Answer is C.
upvoted 2 times
...
Min_93
10 months, 2 weeks ago
Selected Answer: C
Options A, B, and D are not the most suitable for the following reasons:

A. Create gateway endpoints for Amazon S3: Gateway endpoints are used for accessing S3 from within a VPC, but they do not extend connectivity to on-premises locations.

B. Create a gateway in AWS Transit Gateway: AWS Transit Gateway is designed for routing traffic between VPCs and on-premises networks but is not used as a direct gateway for S3 access.

D. Use an AWS Key Management Service (AWS KMS) key: AWS KMS is a key management service and does not provide direct access to S3. It's used for managing encryption keys.

Therefore, option C, creating interface endpoints for Amazon S3, is the most appropriate solution for securely accessing S3 from both the AWS Region and the on-premises location.
upvoted 1 times
Min_93
10 months, 2 weeks ago
In both cases, your network traffic remains on the AWS network.

| Gateway endpoints for Amazon S3 | Interface endpoints for Amazon S3 |
|---|---|
| Use Amazon S3 public IP addresses | Use private IP addresses from your VPC to access Amazon S3 |
| Use the same Amazon S3 DNS names | Require endpoint-specific Amazon S3 DNS names |
| Do not allow access from on premises | Allow access from on premises |
| Do not allow access from another AWS Region | Allow access from a VPC in another AWS Region by using VPC peering or AWS Transit Gateway |
| Not billed | Billed |
upvoted 1 times
...
...
ftaws
10 months, 2 weeks ago
Selected Answer: B
Transit Gateway supports inter-Region. Interface gateway is not used in S3.
upvoted 1 times
Min_93
10 months, 2 weeks ago
com.amazonaws.ap-southeast-1.s3 | amazon | Interface
Interface is now available for S3
upvoted 1 times
...
...
Beshowasfy
11 months ago
Selected Answer: A
GW Endpoint is only for S3 and DynamoDB, interface endpoint for other services so C is wrong
upvoted 2 times
ale_brd_111
10 months, 2 weeks ago
you can't access gateway endpoint from on-premises
upvoted 2 times
XXXXXlNN
1 month ago
but you can via direct connection
upvoted 1 times
...
...
...
TariqKipkemei
11 months ago
Selected Answer: C
S3 gateway endpoints do not currently support access from resources in a different Region, different VPC, or from an on-premises (non-AWS) environment. https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/#:~:text=associated.%20S3%20gateway-,endpoints,-do%20not%20currently
upvoted 1 times
...
SHAAHIBHUSHANAWS
11 months, 1 week ago
C. S3 gateway endpoints do not currently support access from resources in a different Region, different VPC, or from an on-premises (non-AWS) environment. However, if you’re willing to manage a complex custom architecture, you can use proxies. In all those scenarios, where access is from resources external to VPC, S3 interface endpoints access S3 in a secure way. https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 3 times
...
VladanO
11 months, 1 week ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html Gateway VPC endpoints provide reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC. There is no additional charge for using gateway endpoints.
upvoted 1 times
pentium75
10 months, 1 week ago
You can't use GW endpoint from on-premises
upvoted 1 times
...
...
t0nx
11 months, 2 weeks ago
Selected Answer: C
CCCCCC
upvoted 1 times
...
LemonGremlin
11 months, 2 weeks ago
Selected Answer: C
Amazon VPC interface endpoints enable you to privately connect your VPC to supported AWS services without requiring an internet gateway, NAT device, VPN, or Direct Connect connection. By creating interface endpoints for Amazon S3 in both the AWS Region and the on-premises location, you can securely access data without traversing the internet. Direct Connect Connection: With an AWS Direct Connect connection established between the AWS Region and the on-premises location, the data can flow over the dedicated, private connection rather than going over the public internet.
upvoted 4 times
...