
SCS-C02 Exam - Question 142


A company has two AWS accounts: Account A and Account B. Each account has a VPC. An application that runs in the VPC in Account A needs to write to an Amazon S3 bucket in Account B. The application in Account A already has permission to write to the S3 bucket in Account B.

The application and the S3 bucket are in the same AWS Region. The company cannot send network traffic over the public internet.

Which solution will meet these requirements?

Correct Answer: C

To meet the requirements of the application securely accessing an S3 bucket in another AWS account without sending traffic over the public internet, the best solution is to create a VPC peering connection between the VPC in Account A and the VPC in Account B. After establishing the peering connection, you need to update the route tables, network ACLs, and security groups to allow network traffic between the peered VPC IP ranges. This approach ensures that the traffic remains within the AWS infrastructure and does not traverse the public internet, while also allowing cross-account access.

Discussion

5 comments
Certified101 (Option: D)
May 19, 2024

D 100000%

Nash101
May 19, 2024

C

A. Transit Gateway: While transit gateways can connect multiple VPCs, they are more complex to set up and manage compared to VPC peering for this specific scenario. They might be a better choice for intricate multi-account VPC connectivity needs.

B. Software VPN: A software VPN creates a secure tunnel over the internet, which violates the requirement of avoiding public internet traffic. Additionally, VPNs can introduce performance overhead and management complexity.

D. Gateway VPC Endpoint for S3: This option utilizes a Gateway VPC endpoint for S3 access within the VPC in Account A. However, it only allows access to S3 within the same account (Account A). The application needs access to the S3 bucket in a different account (Account B).

grekh001
May 30, 2024

D. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html

cumzle_com (Option: D)
Jun 24, 2024

By using a gateway VPC endpoint, the solution remains within the AWS network, ensuring low latency and secure traffic flow without the need for additional infrastructure and complexity.

adit (Option: C)
Jul 6, 2024

Option C