Hi Privat33r,
Thank you for your feedback and for raising the important point about how financial information is accessed in the scenario. The scenario does not explicitly mention using presigned URLs or other specific methods for accessing the S3 bucket. The intent of the question is to focus on securing the connection between the EC2 instance and the S3 bucket, ensuring that sensitive financial data is not exposed to the internet unnecessarily.
In this setup, the EC2 instance is hosted in a private subnet and acts as an intermediary between users and the Amazon S3 bucket. The primary concern is to secure the communication between the EC2 instance and S3 without assuming any specific method, such as presigned URLs. Using a Gateway VPC Endpoint ensures that all traffic between the EC2 instance and S3 remains within the AWS network, mitigating the security risk associated with internet exposure. This approach is both cost-effective and aligns with the security team’s concerns.
By implementing the Gateway VPC Endpoint, the scenario maintains secure internal communication without breaking potential functionality, even though the specific user access method (e.g., presigned URLs) is not detailed.
We appreciate your feedback and will consider clarifying these aspects to avoid any confusion. Thank you for helping us improve the quality of our practice exams!
Regards,
Nikee @ Tutorials Dojo
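
An added example, not part of the reply above or of the practice exam: one way to check from a route table whether a private subnet reaches S3 through a Gateway VPC Endpoint or through its default route. The input follows the shape of `aws ec2 describe-route-tables` output; the function name and every ID (`pl-`, `vpce-`, `nat-`, `rtb-`) are constructed placeholders.

```python
# Route-table audit for the private-subnet-to-S3 path discussed above.
# Each table mimics one entry from `aws ec2 describe-route-tables`.
# All IDs are constructed sample data, not real resources.

def s3_path(route_table, s3_prefix_list_id):
    """Classify how S3-bound traffic leaves subnets that use this table.

    Returns (path, target): path is 'gateway-endpoint', 'internet-path'
    or 'no-route'; target is the route's gateway ID or None.
    """
    active = [r for r in route_table["Routes"]
              if r.get("State", "active") == "active"]
    # A gateway endpoint appears as a route whose destination is the
    # regional S3 prefix list and whose target is a vpce- ID. It is more
    # specific than 0.0.0.0/0, so it wins for S3 addresses.
    for r in active:
        if (r.get("DestinationPrefixListId") == s3_prefix_list_id
                and (r.get("GatewayId") or "").startswith("vpce-")):
            return "gateway-endpoint", r["GatewayId"]
    # Without that route, S3 is reachable only via the default route
    # (NAT gateway or internet gateway), i.e. over public S3 endpoints.
    for r in active:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return "internet-path", r.get("NatGatewayId") or r.get("GatewayId")
    return "no-route", None

S3_PL = "pl-0example"  # placeholder for the region's S3 prefix list ID

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "State": "active"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example",
       "State": "active"}
ENDPOINT = {"DestinationPrefixListId": S3_PL, "GatewayId": "vpce-0example",
            "State": "active"}

BEFORE = {"RouteTableId": "rtb-before", "Routes": [LOCAL, NAT]}
AFTER = {"RouteTableId": "rtb-after", "Routes": [LOCAL, NAT, ENDPOINT]}
ISOLATED = {"RouteTableId": "rtb-isolated", "Routes": [LOCAL, ENDPOINT]}
DEAD_NAT = {"RouteTableId": "rtb-dead",
            "Routes": [LOCAL, dict(NAT, State="blackhole")]}

if __name__ == "__main__":
    for table in (BEFORE, AFTER, ISOLATED, DEAD_NAT):
        print(table["RouteTableId"], s3_path(table, S3_PL))
```
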