🔥 3-day streak
AWS Certified Security - Specialty170 / 184
Question 170 of 184

A company runs EC2 instances in a private subnet with no internet access. The instances use a gateway VPC endpoint to reach Amazon S3. Security requires that instances in this VPC can only access two specific company-owned S3 buckets and nothing else through the endpoint, even if an instance's IAM role were misconfigured to allow broader S3 access. Which approach BEST enforces this restriction?

Reviewed for accuracy · Report an issueNext question