Secure Integration of Redshift and S3 for Parson Fortunes Ltd


Question

Parson Fortunes Ltd is an Asia-based department store operator with an extensive network of 131 stores, spanning approximately 4.1 million square meters of retail space across cities in India, China, Vietnam, Indonesia and Myanmar. Parson built a VPC to host their entire enterprise infrastructure in the cloud.

Parson has large data assets, around 20 TB of structured data and 45 TB of unstructured data, and is planning to host their data warehouse on AWS and their unstructured data on S3.

The files sent from their on-premises data center are also stored in S3 buckets.

Parson's IT team is well aware of the scalability and performance capabilities of AWS services.

Parson hosts their web applications, databases and the data warehouse built on Redshift in the VPC. Parson wants to integrate the data between Redshift and S3 securely, without the traffic going over the internet, both for Redshift Spectrum integration and for loading staging data directly from S3 buckets using the COPY and UNLOAD commands. Please advise next steps.

Select 4 options.

Explanations

Parson Fortunes Ltd is planning to host their data warehouse on AWS and store their unstructured data on S3. They want to integrate the data between Redshift and S3 securely, without the traffic going over the internet, both for Redshift Spectrum integration and for loading staging data directly from S3 buckets using the COPY and UNLOAD commands. Here are the next steps Parson can take to accomplish their goal:

A. Create a VPC endpoint to create a managed connection between your Amazon Redshift cluster in a VPC and Amazon S3 in the same region.

A VPC endpoint enables private communication between Amazon Redshift and Amazon S3, allowing Parson to securely transfer data between the two services without traversing the internet. By creating an endpoint in the same region as the S3 bucket, Parson can ensure optimal performance and low latency.

B. Do not create a VPC endpoint to create a managed connection between your Amazon Redshift cluster in a VPC and Amazon S3 in any region.

Creating a VPC endpoint to connect to Amazon S3 in any region will increase the latency and is not necessary for Parson's requirement of securely integrating Redshift and S3.

C. Disable Enhanced VPC Routing when you create a cluster.

Disabling Enhanced VPC Routing will route traffic between Redshift and S3 over the internet rather than through the VPC endpoint, making it less secure.

D. Attach endpoint policy to your endpoint to more closely manage access to your data.

An endpoint policy can be used to control access through the VPC endpoint, allowing Parson to define granular access controls for their data.

E. Enable Enhanced VPC Routing when you create a cluster.

Enabling Enhanced VPC Routing will route traffic between Redshift and S3 through the VPC endpoint, ensuring that traffic is not sent over the internet and is kept secure.

F. Enable Domain Name Service (DNS) resolution in your VPC.

Enabling DNS resolution in the VPC allows Parson to resolve the DNS names of the S3 bucket and Redshift cluster, which are necessary for securely integrating the two services.

G. Do not disable Domain Name Service (DNS) resolution in your VPC.

Disabling DNS resolution in the VPC will prevent Parson from resolving the DNS names of the S3 bucket and Redshift cluster, which is required for secure integration of the two services.
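The settings described in the explanations above (a same-region S3 endpoint in the cluster's VPC, an endpoint policy, Enhanced VPC Routing, and DNS resolution) can be checked together. The following is an added example, not part of the original page: it audits constructed data shaped like the boto3 `describe_clusters`, `describe_vpc_endpoints` and `describe_vpc_attribute` responses; the IDs, bucket name, region and finding labels are assumptions.

```python
import json

def _as_list(value):
    """IAM policy fields may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def audit_redshift_s3_path(cluster, endpoints, dns_support, region):
    """Return findings for the Redshift-to-S3 path; an empty list means it passes."""
    findings = []
    # Enhanced VPC Routing must be on for COPY/UNLOAD traffic to stay in the VPC.
    if not cluster.get("EnhancedVpcRouting", False):
        findings.append("enhanced-vpc-routing-disabled")
    # An available S3 endpoint must exist in the cluster's VPC, in the same region.
    service = f"com.amazonaws.{region}.s3"
    s3_endpoints = [e for e in endpoints
                    if e["VpcId"] == cluster["VpcId"]
                    and e["ServiceName"] == service
                    and e["State"].lower() == "available"]
    if not s3_endpoints:
        findings.append("no-s3-endpoint-in-cluster-vpc")
    # A policy allowing every action on every resource manages nothing.
    for ep in s3_endpoints:
        for stmt in _as_list(json.loads(ep["PolicyDocument"])["Statement"]):
            if (stmt.get("Effect") == "Allow"
                    and "*" in _as_list(stmt.get("Action", []))
                    and "*" in _as_list(stmt.get("Resource", []))):
                findings.append(f"endpoint-policy-unrestricted:{ep['VpcEndpointId']}")
    # DNS resolution must be enabled in the VPC.
    if not dns_support:
        findings.append("vpc-dns-resolution-disabled")
    return findings

# Constructed sample data (hypothetical IDs, bucket and region).
FULL_ACCESS = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})
SCOPED = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-staging-bucket",
                  "arn:aws:s3:::example-staging-bucket/*"]}]})

def endpoint(policy, region="ap-south-1"):
    """Build one constructed VPC endpoint record."""
    return {"VpcEndpointId": "vpce-0example", "VpcId": "vpc-0example",
            "ServiceName": f"com.amazonaws.{region}.s3",
            "State": "available", "PolicyDocument": policy}

WEAK = audit_redshift_s3_path(
    {"VpcId": "vpc-0example", "EnhancedVpcRouting": False}, [], False, "ap-south-1")
HARDENED = audit_redshift_s3_path(
    {"VpcId": "vpc-0example", "EnhancedVpcRouting": True},
    [endpoint(SCOPED)], True, "ap-south-1")
```

With live data, the three arguments would come from the corresponding boto3 calls for the cluster and its VPC.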