AWS Certified SysOps Administrator SOA-C01 – Question 677

A company’s application stores documents within an Amazon S3 bucket. The application is running on Amazon EC2 in a VPC. A recent change in security requirements states that traffic between the company’s application and the S3 bucket must never leave the Amazon network.
What AWS feature can provide this functionality?

A. Security groups
B. NAT gateways
C. Virtual private gateway
D. Gateway VPC endpoints

Correct Answer: D

Explanation:

When using a VPC with S3, use VPC S3 endpoints, as they:

  • are horizontally scaled, redundant, and highly available VPC components
  • help establish a private connection between VPC and S3 and the traffic never leaves the Amazon network