Learn the most cost-effective approach to set up a VPC connected to an on-premises network for multiple teams working in the same AWS Region. Discover the optimal combination of AWS services and best practices to minimize costs while meeting connectivity requirements.
Question
A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.
Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)
A. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account.
B. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.
C. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager.
D. Use AWS Site-to-Site VPN for connectivity to the on-premises network.
E. Use AWS Direct Connect for connectivity to the on-premises network.
Answer
B. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.
D. Use AWS Site-to-Site VPN for connectivity to the on-premises network.
Explanation
Creating a single VPC in a shared services account using CloudFormation and sharing the subnets via AWS Resource Access Manager (RAM) is the most cost-effective approach. This eliminates the need to provision separate VPCs for each team, reducing management overhead and costs.
Since the expected traffic between the VPC and on-premises network is less than 50 Mbps, using AWS Site-to-Site VPN for connectivity is sufficient and more cost-effective than AWS Direct Connect or Transit Gateway. Site-to-Site VPN provides secure, encrypted connectivity over the internet without the need for dedicated private network connections or additional infrastructure costs associated with Direct Connect or Transit Gateway.
By combining a shared VPC across teams and leveraging Site-to-Site VPN, the company can minimize costs while still meeting the connectivity and security requirements between the AWS environment and their on-premises network.
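The two selected steps can be expressed as one CloudFormation template deployed to the shared services account. The template below is an added illustration, not part of the original question or answer key; the parameter names, CIDR ranges, BGP ASN and resource names are assumptions chosen for the sketch.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Shared VPC with Site-to-Site VPN (added illustration, placeholder values)
Parameters:
  TeamsOuArn: {Type: String}        # assumed: ARN of the OU that holds the team accounts
  OnPremGatewayIp: {Type: String}   # assumed: public IP of the on-premises VPN device
  OnPremCidr: {Type: String, Default: 192.168.0.0/16}   # constructed sample range
Resources:
  SharedVpc:
    Type: AWS::EC2::VPC
    Properties: {CidrBlock: 10.0.0.0/16, EnableDnsSupport: true, EnableDnsHostnames: true}
  TeamSubnetA:
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref SharedVpc, CidrBlock: 10.0.1.0/24}
  TeamSubnetB:
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref SharedVpc, CidrBlock: 10.0.2.0/24}
  SubnetShare:                      # answer B: share the subnets through AWS RAM
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: shared-vpc-subnets
      AllowExternalPrincipals: false   # keep the share inside the organization
      Principals: [!Ref TeamsOuArn]    # scope to one OU rather than individual accounts
      ResourceArns:
        - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/${TeamSubnetA}"
        - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/${TeamSubnetB}"
  OnPremGateway:                    # answer D: Site-to-Site VPN endpoints
    Type: AWS::EC2::CustomerGateway
    Properties: {Type: ipsec.1, BgpAsn: 65000, IpAddress: !Ref OnPremGatewayIp}
  VpnGateway:
    Type: AWS::EC2::VPNGateway
    Properties: {Type: ipsec.1}
  VpnGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: {VpcId: !Ref SharedVpc, VpnGatewayId: !Ref VpnGateway}
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    DependsOn: VpnGatewayAttachment
    Properties:
      Type: ipsec.1
      StaticRoutesOnly: true        # static routing; the on-premises range is listed below
      CustomerGatewayId: !Ref OnPremGateway
      VpnGatewayId: !Ref VpnGateway
  OnPremRoute:
    Type: AWS::EC2::VPNConnectionRoute
    Properties: {DestinationCidrBlock: !Ref OnPremCidr, VpnConnectionId: !Ref VpnConnection}
```

Sharing subnets with an OU through RAM requires resource sharing to be enabled in AWS Organizations. Traffic flows only after the subnets' route tables carry a route for the on-premises range to the virtual private gateway, which this template does not define.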
Amazon AWS Certified Solutions Architect – Professional SAP-C02 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free to help you pass the Amazon AWS Certified Solutions Architect – Professional SAP-C02 exam and earn the Amazon AWS Certified Solutions Architect – Professional SAP-C02 certification.