AWS Certified SysOps Administrator SOA-C01 – Question 923

A SysOps administrator needs a secure way to connect to AWS Key Management Service (AWS KMS) within a VPC. The SysOps administrator must ensure that connections to AWS KMS do not traverse the internet.
What is the MOST secure solution that meets these requirements?

A. Use a bastion host to connect to AWS KMS.
B. Use a NAT gateway to connect to AWS KMS.
C. Use a VPC gateway endpoint for Amazon S3 to connect to AWS KMS.
D. Use a VPC interface endpoint to connect to AWS KMS.

Correct Answer: B