AWS Certified Advanced Networking – Specialty ANS-C00 – Question 234

Your customer's internal security teams receive requests to allow Amazon S3 access from inside the corporate network. All external traffic must be explicitly whitelisted through your corporate firewalls.
How can your security team grant this access?

A. Obtain the list of IP prefixes from AWS Forum announcements, and use those prefixes in firewall rules.
B. Obtain the list of IP prefixes from ip-ranges.json, and use those prefixes in firewall rules.
C. Obtain the list of IP prefixes by performing a DNS lookup on Amazon S3 endpoints, and use those prefixes in firewall rules.
D. Connect your data center to a VPC via Direct Connect. Create routes that forward traffic from your data center to an S3 private endpoint.

Correct Answer: B

Explanation:
ip-ranges.json contains the latest list of IP addresses used by AWS. AWS no longer posts IP prefixes in Forum announcements. DNS lookups would not provide an exhaustive list of possible IP prefixes. Option D would require transitive routing, which is not possible.
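As an added illustration of answer B (not part of the original question), the sketch below filters an ip-ranges.json document down to its S3 prefixes, collapses adjacent ranges, and reports what a firewall allowlist must add or remove. The sample document is constructed from documentation address ranges and trimmed to the fields used; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (documentation address
# ranges, not real AWS prefixes). The live file is published at
# https://ip-ranges.amazonaws.com/ip-ranges.json
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2000-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "198.51.100.0/24",   "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",      "region": "eu-west-1", "service": "S3"}
 ],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "S3"}
 ]}
""")

def s3_prefixes(doc, region=None):
    """Return collapsed S3 networks (IPv4 then IPv6), optionally for one region."""
    nets = {4: [], 6: []}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["service"] != "S3":
                continue  # skip EC2, the AMAZON superset, and other services
            if region and entry["region"] != region:
                continue
            net = ipaddress.ip_network(entry[field])
            nets[net.version].append(net)
    # collapse_addresses needs one IP version per call; it merges adjacent ranges
    return [str(n) for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]

def allowlist_changes(current, doc, region=None):
    """Compare the firewall's current allowlist with the published S3 prefixes."""
    wanted, have = set(s3_prefixes(doc, region)), set(current)
    return sorted(wanted - have), sorted(have - wanted)  # (to_add, to_remove)

if __name__ == "__main__":
    print(s3_prefixes(SAMPLE, "us-east-1"))
    print(allowlist_changes(["198.51.100.0/24", "203.0.113.0/24"], SAMPLE, "us-east-1"))
```

Because the published list changes over time, the comparison step matters as much as the initial import: stale entries are removed and new ones added on each refresh.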