AWS Certified Advanced Networking – Specialty ANS-C00 – Question 144

You are responsible for several EC2 instances deployed from Amazon AMIs that are required to upload information to an S3 bucket. This information must not traverse the public internet. You must also be able to update the instances. Which option is your best solution?

A. An S3 endpoint and a NAT
B. An S3 endpoint
C. A VPN to the IP addresses specified in the AWS official S3 prefix list
D. A NACL with the AWS prefix list added to it and a VPN

Correct Answer: B

Explanation:

A NAT is not required, as an S3 endpoint will allow an instance to update. C and D are not possible.