Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 835 discussion

AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, and the other to an AWS Direct Connect router. With this connection, you can create virtual interfaces directly to public AWS services (for example, to Amazon S3) or to Amazon VPC, bypassing internet service providers in your network path. An AWS Direct Connect location provides access to AWS in the Region with which it is associated. You can use a single connection in a public Region or AWS GovCloud (US) to access public AWS services in all other public Regions.

https://aws.amazon.com/blogs/networking-and-content-delivery/optimizing-amazon-s3-data-transfers-over-direct-connect/

A - Public VIFs route traffic over the public internet, but on-premises network has no direct internet access. B - NAT gateways provide internet access for resources within a VPC, but, again, on-premises network has no direct internet access. C - The traffic stays within AWS and the Direct Connect connection, ensuring security and compliance with the no-internet requirement. Also, this is cost-effective because it avoids the need for additional NAT gateways or public VIFs. D - Peering connections don't even support access to AWS public services like S3.

public VIF allows on-premises networks to access AWS public services, like S3 it eliminates the need for internet access & interface endpoints while being cost-effective

Option A is the correct answer: 1) I need to connect to public services only, thus public VIF will be enough. 2) Interface endpoints is charged per hour, not cost effective.

AnswerC Amazon S3 interface endpoint seems to be the best and only option as we are forced to use Private IP addressation. Interface endpoints for Amazon S3 Your network traffic remains on the AWS network. Use private IP addresses from your VPC to access Amazon S3 Require endpoint-specific Amazon S3 DNS names Allow access from on premises Allow access from a VPC in another AWS Region by using VPC peering or AWS Transit Gateway https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3

A. https://repost.aws/knowledge-center/s3-bucket-access-direct-connect

A. public VIF is the way you can connect on-premise with S3 via DirectConnect

B Need internet A,D doesn't conect to the s3 IMO, C is the solution for this question.

Option C

https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html