AWS Certified Advanced Networking - Specialty (#68)

Your company’s policy requires that all VPCs peer with a “common services” VPC. This VPC contains a fleet of layer 7 proxies and an Internet gateway. No other VPC is allowed to provision an Internet gateway. You configure a new VPC and peer it with the common services VPC as required by policy. You launch an Amazon EC2 Windows instance configured to forward all traffic to the layer 7 proxies in the common services VPC. The application on this server should successfully interact with Amazon S3 using its properly configured AWS Identity and Access Management (IAM) role. However, Amazon S3 is returning 403 errors to the application. Which step should you take to enable access to Amazon S3?

Update the S3 bucket policy with the private IP address of the instance.
Exclude 169.254.169.0/24 from the instance’s proxy configuration.
Configure a VPC endpoint for Amazon S3 in the same subnet as the instance.
Update the CORS configuration for Amazon S3 to allow traffic from the proxy.