Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 835 discussion

https://aws.amazon.com/blogs/networking-and-content-delivery/optimizing-amazon-s3-data-transfers-over-direct-connect/

A - Public VIFs route traffic over the public internet, but on-premises network has no direct internet access. B - NAT gateways provide internet access for resources within a VPC, but, again, on-premises network has no direct internet access. C - The traffic stays within AWS and the Direct Connect connection, ensuring security and compliance with the no-internet requirement. Also, this is cost-effective because it avoids the need for additional NAT gateways or public VIFs. D - Peering connections don't even support access to AWS public services like S3.

public VIF allows on-premises networks to access AWS public services, like S3 it eliminates the need for internet access & interface endpoints while being cost-effective

Option A is the correct answer: 1) I need to connect to public services only, thus public VIF will be enough. 2) Interface endpoints is charged per hour, not cost effective.

AnswerC Amazon S3 interface endpoint seems to be the best and only option as we are forced to use Private IP addressation. Interface endpoints for Amazon S3 Your network traffic remains on the AWS network. Use private IP addresses from your VPC to access Amazon S3 Require endpoint-specific Amazon S3 DNS names Allow access from on premises Allow access from a VPC in another AWS Region by using VPC peering or AWS Transit Gateway https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3

A. https://repost.aws/knowledge-center/s3-bucket-access-direct-connect

A. public VIF is the way you can connect on-premise with S3 via DirectConnect

B Need internet A,D doesn't conect to the s3 IMO, C is the solution for this question.

Option C

https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html