Home / Amazon / SAA-C01 / Question 95

An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet.How can these requirements be met?

• Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the NAT gateway.

• Configure a gateway VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.

• Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.

• Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.