How can the company enable the Amazon SageMaker service without enabling direct internet access to Amazon SageMaker notebook instances?
A company is setting up an Amazon SageMaker environment. The corporate data security policy does not allow communication over the internet.
How can the company enable the Amazon SageMaker service without enabling direct internet access to Amazon SageMaker notebook instances?
A . Create a NAT gateway within the corporate VPC.
B . Route Amazon SageMaker traffic through an on-premises network.
C . Create Amazon SageMaker VPC interface endpoints within the corporate VPC.
D . Create VPC peering with Amazon VPC hosting Amazon SageMaker.
Answer: C
Explanation:
To enable the Amazon SageMaker service without enabling direct internet access to Amazon SageMaker notebook instances, the company should create Amazon SageMaker VPC interface endpoints within the corporate VPC. A VPC interface endpoint is a gateway that enables private connections between the VPC and supported AWS services without requiring an internet gateway, a NAT device, a VPN connection, or an AWS Direct Connect connection. The instances in the VPC do not need to connect to the public internet in order to communicate with the Amazon SageMaker service. The VPC interface endpoint connects the VPC directly to the Amazon SageMaker service using AWS PrivateLink, which ensures that the traffic between the VPC and the service does not leave the AWS network1.
Reference:
1: Connect to SageMaker Within your VPC – Amazon SageMaker
Latest MLS-C01 Dumps Valid Version with 104 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund