🔥 3-day streak
AWS Certified Solutions Architect - Associate66 / 150
Question 66 of 150
A financial services company runs an application on EC2 instances in a private subnet. The instances access an S3 bucket named 'audit-logs-prod' through a VPC gateway endpoint to keep traffic off the public internet. The security team is concerned that a compromised instance could use the endpoint to exfiltrate data to other S3 buckets in different AWS accounts. Which action MOST effectively limits the endpoint so it can only be used to reach the approved bucket?
Reviewed for accuracy · Report an issueNext question →