A company has an AWS Lambda function that requires access to an Amazon S3 bucket. The company’s security policy requires that connections to Amazon S3 are over a private network and are secure.
The company has configured a gateway VPC endpoint in the VPC to allow access to Amazon S3. The company has configured the Lambda function to run inside the VPC. Additionally, the company has configured the Lambda function to use a private subnet that has a route to the internet through a NAT gateway.
Other resources in the VPC use this private subnet to access the internet successfully. When the Lambda function runs, it uses the NAT gateway instead of the gateway VPC endpoint to access Amazon S3.
What can a security engineer do to ensure that the Lambda function uses the gateway VPC endpoint for Amazon S3?

A. Remove the route to the NAT gateway within the route table of the private subnet that the Lambda function uses.

B. Associate the gateway VPC endpoint with the route table of the private subnet that the Lambda function uses.

C. Adjust the gateway VPC endpoint policy to allow access from the Lambda function’s network interface address.

D. Configure the Lambda function’s security group to allow connections to the S3 network address space.








 

Suggested Answer: B

Community Answer: B




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.