🔥 3-day streak
AWS Certified Security - Specialty149 / 157
Question 149 of 157

A company runs an EC2-based application in private subnets that must read from and write to a specific S3 bucket named 'corp-finance-reports'. Security requirements state that traffic to S3 must not traverse the public internet, and the instances must be prevented from accessing any other S3 bucket, even if application credentials are compromised. A gateway VPC endpoint for S3 has already been created. Which additional configuration BEST enforces these requirements?

Reviewed for accuracy · Report an issueNext question