A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?
To connect securely to multiple Amazon S3 buckets from Amazon EC2 instances within the same AWS Region without incurring additional costs, the most effective solution is to create one gateway VPC endpoint for all the S3 buckets and add the gateway VPC endpoint to the VPC route table. This approach allows private connectivity to S3 through the AWS private network without requiring internet gateways, NAT gateways, or VPN connections, consolidating the solution and avoiding complexity and extra expenses.
One gateway endpoint & specific bucket access point https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#create-gateway-endpoint-s3
The correct solution to meet the requirements of connecting securely to the Amazon S3 buckets over a private connection from Amazon EC2 instances with no additional cost is Option C: Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table. Explanation: A gateway VPC endpoint allows you to connect to Amazon S3 from your VPC without requiring an internet gateway, NAT gateway, or VPN connection. It provides a private connection to Amazon S3 over your Amazon VPC using Amazon's private network. Since the company wants to connect to 50 Amazon S3 buckets securely over a private connection from its Amazon EC2 instances in the same AWS Region, creating one gateway VPC endpoint for all the S3 buckets is the most efficient and cost-effective solution. By creating one gateway VPC endpoint, you can connect to all S3 buckets in the same Region without the need to create multiple VPC endpoints for each bucket, thus reducing complexity and avoiding additional costs
- One gateway VPC endpoint for all S3 buckets. - Add the gateway VPC endpoint to VPC route table.