A Solutions Architect is designing network architecture for an application that has compliance requirements. The application will be hosted on Amazon EC2
instances in a private subnet and will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the public Internet.
What is the MOST secure way to satisfy this requirement?
A. Use a NAT Instance.
B. Use a
NAT Gateway.
C. Use a VPC endpoint.
D. Use a Virtual Private Gateway.
Reference https://aws.amazon.com/blogs/aws/new-vpc-endpoint-for-amazon-s3/