A legacy application running in premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the Architect meet this requirement?
A. Create an IAM role that allows access from the corporate network to Amazon S3.
B. Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint.
C. Use Amazon API Gateway to do IP whitelisting.
D. Configure IP whitelisting on the customer’s gateway.
How To Pass SAA-C02 Exam?Amazon SAA-C02 PDF dumps.High quality SAA-C02 pdf and software. VALID exam to help you pass. |
 |
Correct Answer is B
Ans is B guys.
Question clearly says that we need to allow on on-prem firewall the legacy application to access S3 running via VPN.
A – IAM role does not have anything to do with firewall policies
B – As S3 runs on public domain such as s3.eu-west-1.amazonaws.com we may use a proxy on top of EC2 and allow traffic on this Firewall between proxy server and legacy application.
C – API Gateway to do whitelisting, what? …
D – This would definitely be a solution, however as stated on the question, there is a VPN into play.