Answer: A
Option A is CORRECT because a VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you don't need an internet gateway, a NAT device, or a virtual private gateway in your VPC.
Option B is incorrect because a VPN connection is used for establishing connectivity between an on-premises environment and AWS Cloud Platform.
Option C is incorrect because using a NAT gateway will allow the EC2 machine to reach the public internet. This would not restrict access to DynamoDB within the AWS network.
Option D is incorrect because VPC Peering is used to connect multiple VPCs together. This would not allow connecting EC2 with DynamoDB within the same VPC over the AWS network.
The following diagram from the AWS Documentation shows how you can access the DynamoDB service from within a VPC without going to the Internet.
For more information on VPC endpoints for DynamoDB, kindly refer to the following URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html