A company has multiple AWS Site-to-Site VPN connections between a VPC and its branch offices. The company manages an Amazon Elasticsearch Service (Amazon ES) domain that is configured with public access. The Amazon ES domain has an open domain access policy. A SysOps administrator needs to ensure that Amazon ES can be accessed only from the branch offices while preserving existing data.
Which solution will meet these requirements?
A. Configure an identity-based access policy on Amazon ES. Add an allow statement to the policy that includes the Amazon Resource Name (ARN) for each branch office VPN connection.
B. Configure an IP-based domain access policy on Amazon ES. Add an allow statement to the policy that includes the private IP CIDR blocks from each branch office network.
C. Deploy a new Amazon ES domain in private subnets in a VPC, and import a snapshot from the old domain. Create a security group that allows inbound traffic from the branch office CIDR blocks.
D. Reconfigure the Amazon ES domain in private subnets in a VPC. Create a security group that allows inbound traffic from the branch office CIDR blocks.
Answer: B
Explanation:
To ensure that Amazon Elasticsearch Service (Amazon ES) can be accessed only from the branch offices while preserving existing data, an IP-based domain access policy is the best approach. This allows you to restrict access to specific IP ranges.
Configure an IP-Based Domain Access Policy:
Navigate to the Amazon ES console.
Select the domain and go to the "Access policies" tab.
Update the Access Policy:
Edit the access policy to include an allow statement for the private IP CIDR blocks of each branch office.
Example policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "es:*",
      "Resource": "arn:aws:es:region:account-id:domain/domain-name/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "branch-office-cidr-1",
            "branch-office-cidr-2"
          ]
        }
      }
    }
  ]
}
Verify the Configuration:
Ensure that the policy correctly restricts access to the specified IP ranges. Test access from the branch offices to confirm connectivity.
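The verification step can be partly done offline before the policy is saved. The following is an added example, not part of the original explanation: it audits a policy document of the shape shown above and checks a source address against it. The CIDR blocks are constructed sample values, the function names are hypothetical, and the matching is a local approximation rather than AWS's own policy evaluation.

```python
import ipaddress

# Constructed sample: the page's policy shape with made-up branch office CIDRs.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "es:*",
        "Condition": {"IpAddress": {"aws:SourceIp": ["10.10.0.0/16", "10.20.0.0/16"]}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_cidrs(statement):
    """aws:SourceIp values of a statement, or None when it has no such condition."""
    value = statement.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
    return None if value is None else _as_list(value)

def _anonymous(principal):
    return principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def audit(policy):
    """Findings for anonymous Allow statements that are not limited to real CIDR blocks."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or not _anonymous(st.get("Principal")):
            continue
        cidrs = _source_cidrs(st)
        if not cidrs:
            findings.append(f"statement {i}: anonymous Allow without aws:SourceIp")
        for cidr in cidrs or []:
            try:
                if ipaddress.ip_network(cidr, strict=True).prefixlen == 0:
                    findings.append(f"statement {i}: {cidr} matches every address")
            except ValueError:
                findings.append(f"statement {i}: {cidr!r} is not a valid CIDR block")
    return findings

def source_ip_allowed(policy, source_ip):
    """Local approximation of the match; ignores Deny statements and other condition keys."""
    ip = ipaddress.ip_address(source_ip)
    for st in _as_list(policy.get("Statement", [])):
        cidrs = _source_cidrs(st)
        if st.get("Effect") == "Allow" and (
                cidrs is None or any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)):
            return True
    return False
```

An empty list from audit(POLICY) means every anonymous Allow statement is bound to a syntactically valid, non-universal CIDR block; it does not replace testing access from the branch offices.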
Reference: Amazon Elasticsearch Service Access Control
Configuring Access Policies