Which combination of steps should the solutions architect take to implement this solution?
A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company’s information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function.
To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application.
Which combination of steps should the solutions architect take to implement this solution? (Select TWO.)
A . Create an S3 access point for each application in the AWS account that owns the S3 bucket. Configure each access point to be accessible only from the application’s VPC. Update the bucket policy to require access from an access point.
B . Create an interface endpoint for Amazon S3 in each application’s VPC. Configure the endpoint policy to allow access to an S3 access point. Create a VPC gateway attachment for the S3 endpoint.
C . Create a gateway endpoint for Amazon S3 in each application’s VPC. Configure the endpoint policy to allow access to an S3 access point. Specify the route table that is used to access the access point.
D . Create an S3 access point for each application in each AWS account and attach the access points to the S3 bucket. Configure each access point to be accessible only from the application’s VPC. Update the bucket policy to require access from an access point.
E . Create a gateway endpoint for Amazon S3 in the data lake’s VPC. Attach an endpoint policy to allow access to the S3 bucket. Specify the route table that is used to access the bucket.
Answer: A,B
Explanation:
The correct answer is A and B. Together they provide a secure access model that complies with the information security policy: an S3 access point is created for each application, and the access points are reached through VPC interface endpoints instead of gateway endpoints. The original intent of the question may have leaned more toward using S3 access points and restricting access through VPC-specific configuration, so options A and D may look right on a first reading, but based on AWS practices and service capabilities, options A and B are the right way to achieve this.
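An audit check for the design in option A, added here as an example and not part of the original question: it flags bucket policy Allow statements that are not conditioned on `s3:DataAccessPointAccount` and access points that are not bound to the expected VPC. The `NetworkOrigin` and `VpcConfiguration` fields follow the shape of the S3 Control `GetAccessPoint` response; the account IDs, bucket name, access point names and VPC IDs are constructed placeholders.

```python
"""Audit sketch: bucket policy delegates to access points, each access point is VPC-only."""
ACCOUNT_KEY = "s3:dataaccesspointaccount"  # condition key, compared case-insensitively


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allow_is_delegated(stmt, owner_account):
    """True if an Allow statement only applies to requests made through an
    access point owned by owner_account."""
    equals = stmt.get("Condition", {}).get("StringEquals", {})
    values = [v for k, v in equals.items() if k.lower() == ACCOUNT_KEY]
    return len(values) == 1 and _as_list(values[0]) == [owner_account]


def audit(bucket_policy, access_points, owner_account, expected_vpc):
    """Return a list of findings; an empty list means the design holds.
    expected_vpc maps access point name -> the application's VPC ID."""
    findings = []
    for stmt in _as_list(bucket_policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and not allow_is_delegated(stmt, owner_account):
            findings.append(f"bucket policy: Allow '{stmt.get('Sid', '?')}' bypasses access points")
    for ap in access_points:
        name = ap["Name"]
        vpc = ap.get("VpcConfiguration", {}).get("VpcId")
        if ap.get("NetworkOrigin") != "VPC":
            findings.append(f"{name}: network origin is {ap.get('NetworkOrigin')}, not VPC")
        elif vpc != expected_vpc.get(name):
            findings.append(f"{name}: bound to {vpc}, expected {expected_vpc.get(name)}")
    return findings


# Constructed sample data (account IDs, bucket, names and VPC IDs are placeholders).
OWNER = "111122223333"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DelegateToAccessPoints", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:*", "Resource": ["arn:aws:s3:::example-data-lake", "arn:aws:s3:::example-data-lake/*"],
     "Condition": {"StringEquals": {"s3:DataAccessPointAccount": OWNER}}},
    {"Sid": "LegacyDirectRead", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-data-lake/*"}]}
ACCESS_POINTS = [
    {"Name": "app-a", "NetworkOrigin": "VPC", "VpcConfiguration": {"VpcId": "vpc-0aaa"}},
    {"Name": "app-b", "NetworkOrigin": "Internet"}]
EXPECTED_VPC = {"app-a": "vpc-0aaa", "app-b": "vpc-0bbb"}

if __name__ == "__main__":
    for finding in audit(POLICY, ACCESS_POINTS, OWNER, EXPECTED_VPC):
        print(finding)
```

The check covers only the bucket policy and access point configuration; IAM identity policies in the bucket owner's account are outside what it inspects.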