Q269.A company hosts an application on Amazon EC2 instances and needs to store files in Amazon S3. The files should never traverse the public internetand only the application EC2 instances are granted access to a specific Amazon S3 bucketA solutions architect has created a VPC endpoint for Amazon S3 and connected the endpoint to the application VPC.Which additional steps should the solutions architect take to meet these requirements?
A.Assign an endpoint policy to the endpoint that restricts access to a specific S3 bucket. Attach a bucket policy to the S3 bucket that grants access to the VPC endpoint Add the gateway prefix list to a NACL of the instances to limit access to the application EC2 instances only. B.Attach a bucket policy to the S3 bucket that grants access to application EC2 instances only using the aws:Sourcelp condition. Update the VPC route table so only the application EC2 instances can access the VPC endpoint C.Assign an endpoint policy to the VPC endpoint that restricts access to a specific S3 bucket Attach a bucket policy to the S3 bucket that grants access to the VPC endpoint Assign an IAM role to the application EC2 instances and only allow access to this role in the S3 bucket's policy.VPC endpoint that restricts access to S3 in the current Region Attach a bucket’s policy. D.Assign an endpoint policy to the VPC endpoint that restricts access to S3 in the current Region.Attach a bucket policy to the S3 bucket that grants access to the VPC the application EC2 instances only. Add the gateway prefix list to a NACL to limit access to the application EC2 instances only.正确答案C
