AWS Certified Cloud Practitioner / Question #1434

Question #1434

A company needs to securely access an AWS service from their VPC without exposing data traffic to the public internet. The solution must ensure private connectivity between the VPC and the AWS service.

A

AWS Site-to-Site VPN

B

AWS PrivateLink

C

Amazon CloudFront

D

AWS Direct Connect

Explanation

The correct answer is B. AWS PrivateLink.

Why B is correct:
AWS PrivateLink provides interface VPC endpoints: elastic network interfaces with private IP addresses in your own subnets that front a supported AWS service (Amazon S3, DynamoDB, Secrets Manager, Systems Manager and most others). Requests to the service resolve to those private IPs, so the traffic stays on the AWS network and the VPC needs no internet gateway, NAT gateway or public IP to reach the service. This meets the requirement for secure, private access. Note that S3 and DynamoDB are also reachable through gateway endpoints (route-table entries rather than ENIs), which are not PrivateLink but also keep traffic off the public internet. In practice an endpoint is only as private as its controls: attach an endpoint policy that limits which principals and resources can be reached through it, and a security group that limits which sources may talk to the endpoint ENIs.
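As an added example (not from the exam page), the following Python builds a least-privilege endpoint policy for an S3 interface endpoint, lints a policy for the wildcards that AWS's default endpoint policy contains, and assembles the `aws ec2 create-vpc-endpoint` command line that would attach it. The account ID, bucket names, VPC, subnet and security-group IDs are placeholders; nothing here calls AWS, so it runs offline.

```python
"""Least-privilege policy for a PrivateLink (interface) VPC endpoint.

Added example, not from the exam page. Every identifier below (account id,
bucket names, VPC/subnet/security-group ids) is a placeholder.
"""
import json
from typing import Any

# AWS's default endpoint policy: any principal, any action, any resource.
# It keeps traffic private, but it does not restrict *who* or *what*.
DEFAULT_ENDPOINT_POLICY: dict[str, Any] = {
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ]
}


def build_s3_endpoint_policy(account_id: str, buckets: list[str]) -> dict[str, Any]:
    """Allow only principals from account_id to reach the named buckets
    through the endpoint. Anything not listed is implicitly denied.
    The endpoint policy is an extra gate; IAM and bucket policies still apply."""
    resources: list[str] = []
    for bucket in buckets:
        resources.append(f"arn:aws:s3:::{bucket}")       # ListBucket target
        resources.append(f"arn:aws:s3:::{bucket}/*")     # object-level actions
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOwnAccountToNamedBuckets",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": resources,
                "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
            }
        ],
    }


def _has_wildcard(value: Any) -> bool:
    """True if an Action/Resource element is '*' or a list containing '*'."""
    return value == "*" or (isinstance(value, list) and "*" in value)


def lint_endpoint_policy(policy: dict[str, Any]) -> list[str]:
    """Return findings for Allow statements that leave the endpoint open:
    a wildcard principal with no principal-scoping condition, a wildcard
    action, or a wildcard resource."""
    findings: list[str] = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # IAM allows a single statement object
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        condition_text = json.dumps(stmt.get("Condition", {}))
        scoped = ("aws:PrincipalAccount" in condition_text
                  or "aws:PrincipalOrgID" in condition_text)
        if stmt.get("Principal") == "*" and not scoped:
            findings.append(f"{sid}: Principal '*' without aws:PrincipalAccount/OrgID condition")
        if _has_wildcard(stmt.get("Action", [])):
            findings.append(f"{sid}: Action '*'")
        if _has_wildcard(stmt.get("Resource", [])):
            findings.append(f"{sid}: Resource '*'")
    return findings


def create_endpoint_argv(vpc_id: str, service_name: str, subnet_ids: list[str],
                         security_group_ids: list[str], policy: dict[str, Any]) -> list[str]:
    """Assemble the AWS CLI call that creates an interface endpoint with the
    given policy. Returned as argv so it can be inspected before running."""
    return [
        "aws", "ec2", "create-vpc-endpoint",
        "--vpc-id", vpc_id,
        "--vpc-endpoint-type", "Interface",
        "--service-name", service_name,
        "--subnet-ids", *subnet_ids,
        "--security-group-ids", *security_group_ids,
        "--policy-document", json.dumps(policy),
    ]


if __name__ == "__main__":
    # Placeholder identifiers for illustration only.
    policy = build_s3_endpoint_policy("123456789012", ["corp-app-logs"])
    print("default policy findings:", lint_endpoint_policy(DEFAULT_ENDPOINT_POLICY))
    print("scoped policy findings: ", lint_endpoint_policy(policy))
    print(" ".join(create_endpoint_argv("vpc-0123456789abcdef0", "com.amazonaws.us-east-1.s3",
                                        ["subnet-0a", "subnet-0b"], ["sg-0c"], policy)))
```

Run it and the default policy produces three findings while the scoped one produces none; that difference is what turns "private connectivity" into "private, least-privilege connectivity". The security group referenced by `--security-group-ids` should in turn only allow inbound 443 from the subnets or workloads that need the service.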

Why other options are incorrect:
- A. AWS Site-to-Site VPN: Connects an on-premises network to a VPC through IPsec tunnels over the public internet. The payload is encrypted, but the packets still cross the internet, and the service addresses the hybrid (on-premises-to-VPC) path, not VPC-to-AWS-service access.
- C. Amazon CloudFront: A content delivery network (CDN) for caching content at edge locations. It is public-facing and not designed for private VPC-to-AWS-service connectivity.
- D. AWS Direct Connect: Establishes a dedicated private network connection from an on-premises site into AWS. It addresses the on-premises-to-AWS path; a VPC's own calls to an AWS service still need VPC endpoints to stay off the public internet.

Key Points:
- Use AWS PrivateLink for private VPC-to-AWS-service communication.
- Avoid public internet exposure by leveraging VPC endpoints (interface endpoints via PrivateLink; gateway endpoints for S3 and DynamoDB), and restrict each endpoint with an endpoint policy and security group.
- Direct Connect and Site-to-Site VPN focus on hybrid connectivity, not VPC-to-AWS-service access.

Answer

The correct answer is: B