How should an engineer configure the network to meet these requirements?

September 14, 2021 by Admin

A company is building a hybrid PCI-DSS compliant application that runs in the us-west-2 Region and on-premises. The application sends access logs from all locations to a single Amazon S3 bucket in us-west-2. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses.

How should an engineer configure the network to meet these requirements?

  • Configure an AWS Direct Connect private virtual interface to the company’s AWS VPC in us-west-2. Create a VPC endpoint and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.
  • Configure a VPN connection to the company’s AWS VPC in us-west-2 and use BGP to advertise routes for Amazon S3.
  • Configure a Direct Connect connection public virtual interface to us-west-2. Leverage an on-premises HTTPS proxy to send traffic to Amazon S3 over a Direct Connect connection.
  • Configure a VPN connection to the company’s AWS VPC in us-west-2. Create a NAT gateway and configure the on-premises systems to leverage an HTTPS proxy in the VPC to access Amazon S3.

Leave a Reply