Exam SAA-C03
Question 92

A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC.

Which combination of steps should a solutions architect take to accomplish this? (Choose two.)

    Correct Answer: A, C

    The optimal steps to ensure secure access to the Amazon S3 bucket from the application tier running on Amazon EC2 instances inside a VPC involve configuring a VPC gateway endpoint for Amazon S3 and creating a bucket policy that limits access to only the application tier running within the VPC. Configuring a VPC gateway endpoint allows direct access to S3 without routing traffic over the public internet, enhancing security. Creating a bucket policy that restricts access to the specific application tier ensures that only authorized instances within the VPC can interact with the sensitive data, thereby maintaining its confidentiality and integrity.
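As an added illustration of option C (not part of the original question or answer key), the bucket policy below allows only the application tier's instance role, and only when the request arrives through the VPC gateway endpoint, and explicitly denies every other path. The bucket name, account ID, role name and endpoint ID are placeholders; `aws:SourceVpce` is the real condition key that carries the gateway endpoint ID, and the role is attached to the instances via an instance profile rather than by copying credentials onto them.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAppTierRoleViaGatewayEndpoint",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/app-tier-instance-role"
      },
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::example-sensitive-user-data",
        "arn:aws:s3:::example-sensitive-user-data/*"
      ],
      "Condition": {
        "StringEquals": { "aws:SourceVpce": "vpce-0123456789abcdef0" }
      }
    },
    {
      "Sid": "DenyAnyRequestNotFromGatewayEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-sensitive-user-data",
        "arn:aws:s3:::example-sensitive-user-data/*"
      ],
      "Condition": {
        "StringNotEquals": { "aws:SourceVpce": "vpce-0123456789abcdef0" }
      }
    }
  ]
}
```

The explicit Deny also blocks administrators who reach the bucket from the console or CLI outside the VPC, so test it on a non-production bucket first and keep a break-glass path (for example, excluding an admin role with `ArnNotEquals` on `aws:PrincipalArn` in the Deny condition).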

Discussion
awsgeek75 (Options: AC)

A: VPC S3 gateway for direct connection (no public internet) to access S3
C: Bucket policy to secure access and only allow the VPC application tier to access it
B: Opens up to public
D: Not secure to copy credentials
E: NAT instance (obsolete now) is not useful for limiting resource access, it's for subnet connections

David_Ang (Options: AC)

These are correct because "A" and "C" ensure secure access and secure connectivity between the S3 and the EC2 instances

rityoui

No one mentioned the translation issue: "limit access to sth" sounds like "limit this but allow others", which is confusing for a non-English speaker.

Guru4Cloud (Options: AC)

The correct options are:
A) Configure a VPC gateway endpoint for Amazon S3 within the VPC.
C) Create a bucket policy that limits access to only the application tier running in the VPC.
The key requirements are secure access to the S3 bucket from EC2 instances in the VPC. A VPC endpoint for S3 allows connectivity from the VPC to S3 without needing internet access. The bucket policy should limit access only to the VPC by whitelisting the VPC endpoint.

cookieMr (Options: AC)

A. This eliminates the need for the traffic to go over the internet, providing an added layer of security.
B. It is important to restrict access to the bucket and its objects only to authorized entities.
C. This helps maintain the confidentiality of the sensitive user information by limiting access to authorized resources.
D. In this case, since the EC2 instances are accessing the S3 bucket from within the VPC, using IAM user credentials is unnecessary and can introduce additional security risks.
E. A NAT instance to access the S3 bucket adds unnecessary complexity and overhead.
In summary, the recommended steps to provide secure access to the S3 from the application tier running on EC2 inside a VPC are to configure a VPC gateway endpoint for S3 within the VPC (option A) and create a bucket policy that limits access to only the application tier running in the VPC (option C).

Bmarodi (Options: AC)

A & C are the correct solutions.

Help2023 (Options: AC)

The key part that many miss out on is 'combination'. The other answers are not wrong, but A works with C and not with the rest, as they need an internet connection.

bdp123 (Options: AC)

https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-noauthentication/

remand (Options: CD)

C & D for security. A addresses accessibility, which is not a concern here IMO.

pentium75

"Copy the IAM credentials to the EC2 instance" hell no

jaradat02 (Options: AC)

A removes the need for a NAT gateway and keeps the connection private; C restricts access to the bucket.

Ruffyit

A) Configure a VPC gateway endpoint for Amazon S3 within the VPC.
C) Create a bucket policy that limits access to only the application tier running in the VPC.
The key requirements are secure access to the S3 bucket from EC2 instances in the VPC. A VPC endpoint for S3 allows connectivity from the VPC to S3 without needing internet access. The bucket policy should limit access only to the VPC by whitelisting the VPC endpoint.

Guru4Cloud (Options: AC)

The key requirements are to provide secure access to the S3 bucket only from the application tier EC2 instances inside the VPC. A VPC gateway endpoint allows private access to S3 from within the VPC without needing internet access. This keeps the traffic secure within the AWS network. The bucket policy should limit access to only the application tier, not make the objects public. This restricts access to the sensitive data to only the authorized application tier.

sohailn

AC is the correct answer. As per my knowledge, people are confused with IAM user; we can use IAM role for secure access.

tamefi5512 (Options: AC)

AC is the right answer

TillieEhaung (Options: AC)

A and C

annabellehiro (Options: AC)

A and C

vherman (Options: AC)

AC is correct