Question #1490
A company operates a batch processing system on EC2 instances within a VPC. The system processes 2 TB of data daily stored in an Amazon S3 bucket. The company aims to reduce costs and ensure that all S3 traffic remains within the AWS network without internet exposure.
Which solution meets these requirements?
A. Enable S3 Intelligent-Tiering for the S3 bucket
B. Enable S3 Transfer Acceleration for the S3 bucket
C. Create a gateway VPC endpoint for Amazon S3. Associate this endpoint with all route tables in the VPC
D. Create an interface endpoint for Amazon S3 in the VPC. Associate this endpoint with all route tables in the VPC
Explanation
The correct answer is C. A gateway VPC endpoint for Amazon S3 allows EC2 instances in the VPC to access S3 without using the public internet, ensuring traffic stays within the AWS network. This eliminates data transfer costs over the internet and enhances security.
- Option A (S3 Intelligent-Tiering) reduces storage costs by optimizing storage tiers but does not address network traffic or data transfer costs.
- Option B (S3 Transfer Acceleration) improves transfer speeds by using CloudFront edge locations, but it incurs additional costs and does not restrict traffic to the AWS network.
- Option D (Interface Endpoint) uses AWS PrivateLink, which incurs hourly and per-GB costs, making it less cost-effective than the free gateway endpoint.
Key Points:
1. Gateway VPC endpoints are free and route S3 traffic privately.
2. Interface endpoints (PrivateLink) incur costs.
3. The question prioritizes cost reduction and avoiding internet exposure.
Answer
The correct answer is: C