Secure Access to AWS RESTful Service in Private Subnet | AWS Networking Specialty Exam

Secure Access to AWS RESTful Service


Question

You have a RESTful service that your company develops.

You want to provide secure access to this service to multiple clients within the same region in AWS.

The service is hosted in a private subnet in one of your VPCs.

How can you accomplish this?

Answers

Explanations


Answer - B.

The AWS Documentation mentions the following.

An interface VPC endpoint (AWS PrivateLink) enables you to connect to services powered by AWS PrivateLink.

These services include AWS services, services hosted by other AWS accounts (referred to as endpoint services), and supported AWS Marketplace partner services.

The interface endpoints are created directly inside your VPC, using elastic network interfaces and IP addresses in your VPC's subnets.

The service is now in your VPC, enabling connectivity to AWS services or AWS PrivateLink-powered service via private IP addresses.

That means that VPC Security Groups can be used to manage access to the endpoints.

Also, the interface endpoint can be accessed from your premises via AWS Direct Connect.

Option A is incorrect since a gateway endpoint is used for public services such as S3 and DynamoDB. Options C and D are incorrect since the service is located in the private subnet, so its DNS name would not be resolvable by users on the Internet.

For more information on AWS PrivateLink, see the following URL:

https://docs.aws.amazon.com/aws-technical-content/latest/aws-vpc-connectivity-options/aws-privatelink.html

To provide secure access to a RESTful service hosted in a private subnet in an AWS VPC, you can use a VPC endpoint. A VPC endpoint enables you to privately access services hosted on AWS, without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

There are two types of VPC endpoints: Gateway and Interface endpoints.

A VPC Endpoint gateway is used to connect your VPC to AWS services over an internet gateway. This type of endpoint is used when the service you want to access is hosted on the AWS network, for example, Amazon S3 or DynamoDB. It is not suitable for accessing services hosted in your VPC.

A VPC Interface Endpoint, on the other hand, is used to connect your VPC to a service over a private connection. This type of endpoint is used when you want to access a service that is hosted in your VPC or another VPC in your account.

Therefore, to provide secure access to your RESTful service hosted in a private subnet in your VPC, you should create a VPC Interface Endpoint that connects to your RESTful service. This will enable your clients to access the service securely, without requiring a public internet connection or a VPN connection.
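The layout described above, written out as an added Terraform example (it is not part of the exam page and not AWS's own documentation): the service provider side publishes the REST service in its private subnet as a PrivateLink endpoint service, and a client VPC in the same account and region reaches it through an interface endpoint whose security group admits only HTTPS from that VPC. PrivateLink endpoint services are fronted by an internal Network Load Balancer, which is why one appears here even though the answer key rejects the load-balancer options as the client-side mechanism. All VPC, subnet and IP values are placeholders; `acceptance_required = true` and `allowed_principals` are the controls that decide which clients may connect, and each additional client VPC simply creates its own `aws_vpc_endpoint` against the same `service_name`.

```hcl
# Added example, not from the exam page. Every ID, CIDR and IP below is a placeholder.
variable "provider_vpc_id"     { default = "vpc-0PROVIDER000000000" }                              # hosts the REST service
variable "provider_subnet_ids" { default = ["subnet-0PROV0000000000001", "subnet-0PROV0000000000002"] }
variable "consumer_vpc_id"     { default = "vpc-0CONSUMER000000000" }                              # a client VPC, same region
variable "consumer_subnet_ids" { default = ["subnet-0CONS0000000000001", "subnet-0CONS0000000000002"] }
variable "consumer_vpc_cidr"   { default = "10.20.0.0/16" }

data "aws_caller_identity" "current" {}

# --- Provider side: the private subnet that hosts the REST service ---

# PrivateLink endpoint services must be fronted by a Network Load Balancer.
# It is internal, so nothing here is reachable from the Internet.
resource "aws_lb" "rest_nlb" {
  name               = "rest-service-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = var.provider_subnet_ids
}

resource "aws_lb_target_group" "rest_tg" {
  name        = "rest-service-tg"
  port        = 443
  protocol    = "TCP"
  vpc_id      = var.provider_vpc_id
  target_type = "ip"
}

# Placeholder backend: the private IP of the REST service inside the provider subnet.
resource "aws_lb_target_group_attachment" "rest_backend" {
  target_group_arn = aws_lb_target_group.rest_tg.arn
  target_id        = "10.10.1.25"
  port             = 443
}

resource "aws_lb_listener" "rest_tls" {
  load_balancer_arn = aws_lb.rest_nlb.arn
  port              = 443
  protocol          = "TCP"   # TLS terminates at the service; the NLB passes bytes through
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.rest_tg.arn
  }
}

# Publish the NLB as an endpoint service. acceptance_required = true keeps a
# consumer's endpoint in "pendingAcceptance" until the provider approves it, and
# allowed_principals limits who may even request a connection (here: this account;
# add "arn:aws:iam::<other-account-id>:root" entries for partner accounts).
resource "aws_vpc_endpoint_service" "rest" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.rest_nlb.arn]
  allowed_principals         = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
}

# --- Consumer side: a client VPC in the same region ---

# The security group on the endpoint's ENIs is the access control the explanation
# refers to: only HTTPS from the client VPC's own CIDR reaches the endpoint.
resource "aws_security_group" "rest_endpoint" {
  name        = "rest-endpoint-sg"
  description = "Allow clients in this VPC to reach the REST interface endpoint"
  vpc_id      = var.consumer_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.consumer_vpc_cidr]
  }
}

# The interface endpoint places ENIs with private IPs in the consumer subnets.
resource "aws_vpc_endpoint" "rest" {
  vpc_id              = var.consumer_vpc_id
  service_name        = aws_vpc_endpoint_service.rest.service_name   # com.amazonaws.vpce.<region>.vpce-svc-...
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.consumer_subnet_ids
  security_group_ids  = [aws_security_group.rest_endpoint.id]
  private_dns_enabled = false   # requires a verified private DNS name on the service before it can be true
}

# Clients call this endpoint-specific DNS name; it resolves only to the private IPs above.
output "rest_endpoint_dns" {
  value = aws_vpc_endpoint.rest.dns_entry[0].dns_name
}
```

After `terraform apply`, the provider must accept the pending connection (in the console or with `aws ec2 accept-vpc-endpoint-connections`) before the consumer's endpoint becomes available; that approval step, together with `allowed_principals` and the endpoint security group, is what makes the exposure explicit rather than relying on network reachability alone.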

Option A is incorrect as it refers to a VPC Endpoint gateway which is used to connect your VPC to AWS services over an internet gateway, and is not suitable for accessing services hosted in your VPC.

Options C and D are incorrect as they refer to load balancers, which are used to distribute traffic across multiple instances or targets but do not by themselves provide a private connection to a service hosted in a private subnet in your VPC.