An application is running on an Amazon EC2 instance launched in a private subnet in the us-east-1 (N. Virginia) region. A new feature will be released that requires the application to pull data from several public web services over the Internet to complete its processing. The result will be stored in an S3 bucket in the same region. The Network Engineer must restrict outbound Internet access to a list of whitelisted URLs only.
What should the Engineer do to satisfy these requirements?
The option that says: "Deploy a NAT instance in a public subnet. Install a Squid proxy in the instance to whitelist the outbound Internet access. Create a VPC Interface endpoint to access the Amazon S3 bucket" is incorrect because you have to create a VPC Gateway endpoint, not a VPC Interface endpoint, to allow access to the S3 bucket. The same applies if you want to connect to a DynamoDB table. An Interface endpoint is applicable only to Amazon RDS Data API, Amazon SNS, Amazon SQS, and others.