Amazon Exam ANS-C01 Topic 1 Question 20 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 20
Topic #: 1

A company has workloads that run in a VPC. The workloads access Amazon S3 by using an S3 gateway endpoint. The company also has on-premises workloads that need to access Amazon

S3 privately over a VPN connection. The company has established the VPN connection to the VPC.

Which solution will provide connectivity to Amazon S3 from the VPC workloads and the on-premises workloads in the MOST operationally efficient way?

ADeploy a proxy fleet of Amazon EC2 instances in the VPC behind an Application Load Balancer (ALB). Configure the on-premises workloads to use the ALB as the proxy server to connect to Amazon S3. Configure the proxy fleet to use the S3 gateway endpoint to connect to Amazon S3.

BDelete the S3 gateway endpoint. Create an S3 interface endpoint. Deploy a proxy fleet of Amazon EC2 instances in the VPC behind an Application Load Balancer (ALB).
Configure the on-premises workloads to use the ALB as the proxy server to connect to Amazon S3. Configure the proxy fleet and the VPC workloads to use the S3 interface
endpoint to connect to Amazon S3.

CCreate an S3 interface endpoint. Configure an on-premises DNS resolver to resolve the S3 DNS names to the private IP addresses of the S3 interface endpoint. Use the S3
interface endpoint to access Amazon S3. Continue to use the S3 gateway endpoint for the VPC workloads to access Amazon S3.

DSet up an AWS Direct Connect connection. Create a public VIF. Configure on-premises routing to route the S3 traffic over the public VIF. Make no changes to the on-premises
workloads. Continue to use the S3 gateway endpoint for the VPC workloads to access Amazon S3.

Show Suggested Answer

Suggested Answer: C

The correct solution is to use an S3 interface endpoint and an on-premises DNS resolver. An S3 interface endpoint allows you to access Amazon S3 using private IP addresses within your VPC. An on-premises DNS resolver can be configured to forward the DNS queries for the S3 domain names to the S3 interface endpoint, so that the on-premises workloads can access Amazon S3 privately over the VPN connection. This solution is operationally efficient, as it does not require any additional infrastructure or changes to the existing workloads. The VPC workloads can continue to use the S3 gateway endpoint, which provides lower latency and higher throughput than the S3 interface endpoint.

by Kate at Feb 07, 2024, 06:04 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Oliva

9 days ago

Alright, I'm convinced. Option C it is. Now let's just hope the exam question doesn't throw us a curveball!

upvoted 0 times

...

Matthew

10 days ago

Agreed. I think option C is the way to go. Nice and clean, and it leverages the existing S3 gateway endpoint for the VPC workloads.

upvoted 0 times

...

Timmy

11 days ago

True, but then you have the overhead of managing the proxy fleet. And if the on-premises workloads need to access other AWS services, that could get messy.

upvoted 0 times

...

Christa

12 days ago

Haha, yeah, the proxy fleet sounds like a recipe for 'operational headaches'. I'd rather not have to deal with that if I can avoid it.

upvoted 0 times

...