
ANS-C01: Automating Connectivity Testing in AWS VPC After Configuration Changes

Learn how to automatically validate AWS VPC connectivity using EventBridge, Lambda and Reachability Analyzer whenever a route table, NACL or security group is modified.


Question

A company has deployed a multi-VPC environment in the AWS Cloud. The company uses a transit gateway to connect all the VPCs together. In the past, the company has experienced a loss of connectivity between applications after changes to security groups, network ACLs, and route tables in a VPC. When these changes occur, the company wants to automatically verify that connectivity still exists between different resources in a single VPC.

A. Create a list of paths between different resources to check in VPC Reachability Analyzer. Create an Amazon EventBridge rule to monitor when a change is made and logged in Amazon CloudWatch. Configure the rule to invoke an AWS Lambda function to test the different paths in Reachability Analyzer.
B. Create a list of paths between different resources to check in VPC Reachability Analyzer. Create an Amazon EventBridge rule to monitor when a change is made and logged in AWS CloudTrail. Configure the rule to invoke an AWS Lambda function to test the different paths in Reachability Analyzer.
C. Create a list of paths to check in AWS Transit Gateway Network Manager Route Analyzer. Create an Amazon EventBridge rule to monitor when a change is made and logged in Amazon CloudWatch. Configure the rule to invoke an AWS Lambda function to test the different paths in Route Analyzer.
D. Create a list of paths to check in AWS Transit Gateway Network Manager Route Analyzer. Create an Amazon EventBridge rule to monitor when a change is made and logged in AWS CloudTrail. Configure the rule to invoke an AWS Lambda function to test the different paths in Route Analyzer.

Answer

B. Create a list of paths between different resources to check in VPC Reachability Analyzer. Create an Amazon EventBridge rule to monitor when a change is made and logged in AWS CloudTrail. Configure the rule to invoke an AWS Lambda function to test the different paths in Reachability Analyzer.

Explanation

The solution that automatically verifies connectivity between resources after a change is:

B. Create a list of paths between different resources to check in VPC Reachability Analyzer. Create an Amazon EventBridge rule to monitor when a change is made and logged in AWS CloudTrail. Configure the rule to invoke an AWS Lambda function to test the different paths in Reachability Analyzer.

This solution meets the requirements by:

Using VPC Reachability Analyzer to define the paths to test. Reachability Analyzer evaluates the configured path between two resources in a VPC (for example an instance and a database network interface) against security group rules, network ACL entries and route table routes, which are exactly the three kinds of change the company says have broken connectivity. It analyses configuration rather than sending packets, so it can be run on demand: each path is created once and re-analysed after every change, and when a path is unreachable the analysis returns explanations that identify the rule, entry or route responsible.

Triggering on CloudTrail rather than CloudWatch. Changes to security groups, network ACLs and route tables are EC2 API calls (AuthorizeSecurityGroupIngress, ReplaceNetworkAclEntry, CreateRoute and so on). CloudTrail records them as management events, and EventBridge receives each one as an event with detail-type "AWS API Call via CloudTrail", so a rule can match on source aws.ec2 and the relevant eventName values. CloudWatch does not receive these configuration changes on its own; it only sees them if a trail is configured to deliver to a CloudWatch Logs group, which still depends on CloudTrail and adds a step.

Invoking a Lambda function from EventBridge to start a Reachability Analyzer analysis for each listed path, wait for the results and report any path that is no longer reachable.

Compared to the other options:

A – Uses CloudWatch as the source of change events. The changes are API calls, which CloudTrail logs; nothing writes them to CloudWatch by default.
C/D – Use Transit Gateway Network Manager Route Analyzer. Route Analyzer analyses routes in transit gateway route tables between transit gateway attachments; it does not evaluate security groups or network ACLs, and the requirement is connectivity between resources inside a single VPC, not across the transit gateway. C also relies on CloudWatch rather than CloudTrail.

By combining VPC Reachability Analyzer, CloudTrail-sourced EventBridge events and a Lambda function, option B provides an automated intra-VPC connectivity check with no manual steps. In practice the Lambda execution role needs ec2:StartNetworkInsightsAnalysis and ec2:DescribeNetworkInsightsAnalyses (plus the read permissions Reachability Analyzer uses to inspect the VPC), the function timeout must cover the analysis time because analyses run asynchronously and can take a minute or more, and since each analysis is billed individually the path list should stay focused on the flows that matter.
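As an added example (not code from the original page or from AWS), here is a Python Lambda function with boto3 that implements option B end to end: the EventBridge rule pattern that matches the CloudTrail API-call events, a handler that starts a Reachability Analyzer analysis for every pre-created path and polls until all of them finish, and a constructed fake EC2 client so the module runs offline. The EC2 operations (StartNetworkInsightsAnalysis, DescribeNetworkInsightsAnalyses) and the event field names are the real ones; the path IDs nip-web-to-db and nip-web-to-cache, the explanation code CONSTRUCTED_ACL_DENY, the NETWORK_INSIGHTS_PATH_IDS environment variable, the FakeEc2 class and SAMPLE_EVENT are assumptions made for the example.

```python
"""Added example, not from the original page: a Lambda that re-runs pre-created VPC
Reachability Analyzer paths when EventBridge delivers a CloudTrail-recorded security
group, network ACL or route table change. nip- IDs, FakeEc2 and SAMPLE_EVENT are constructed."""
import json
import os
import time

# EC2 API calls that can break intra-VPC connectivity. CloudTrail records them as
# management events; EventBridge receives them as "AWS API Call via CloudTrail".
NETWORK_CHANGE_EVENT_NAMES = [
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress", "ModifySecurityGroupRules",
    "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry",
    "ReplaceNetworkAclAssociation", "CreateRoute", "ReplaceRoute", "DeleteRoute",
    "ReplaceRouteTableAssociation",
]
EVENT_PATTERN = {  # pattern for the EventBridge rule whose target is this function
    "source": ["aws.ec2"], "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"], "eventName": NETWORK_CHANGE_EVENT_NAMES}}

def is_network_change(event):
    """Python equivalent of EVENT_PATTERN, so a misrouted test event is ignored."""
    detail = event.get("detail", {})
    return (event.get("source") == "aws.ec2"
            and event.get("detail-type") == "AWS API Call via CloudTrail"
            and detail.get("eventSource") == "ec2.amazonaws.com"
            and detail.get("eventName") in NETWORK_CHANGE_EVENT_NAMES)

def run_reachability_checks(ec2, path_ids, poll_seconds=5.0, timeout_seconds=120.0):
    """Analyse every path, poll until done, return {path_id: {reachable, explanations}}."""
    pending = {}  # analysis id -> path id; analyses run asynchronously
    for path_id in path_ids:
        resp = ec2.start_network_insights_analysis(NetworkInsightsPathId=path_id)
        pending[resp["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]] = path_id
    results, deadline = {}, time.monotonic() + timeout_seconds
    while pending:
        if time.monotonic() > deadline:
            raise TimeoutError("analyses still running for %s" % sorted(pending.values()))
        resp = ec2.describe_network_insights_analyses(NetworkInsightsAnalysisIds=list(pending))
        for analysis in resp["NetworkInsightsAnalyses"]:
            if analysis["Status"] == "running":
                continue
            path_id = pending.pop(analysis["NetworkInsightsAnalysisId"])
            if analysis["Status"] != "succeeded":  # e.g. the path's source ENI was deleted
                raise RuntimeError("analysis for %s ended %s" % (path_id, analysis["Status"]))
            results[path_id] = {  # explanation codes name the SG rule/ACL entry/route at fault
                "reachable": bool(analysis.get("NetworkPathFound")),
                "explanations": [e.get("ExplanationCode") for e in analysis.get("Explanations", [])]}
        if pending:
            time.sleep(poll_seconds)
    return results

def lambda_handler(event, context, ec2=None, path_ids=None, poll_seconds=5.0):
    """EventBridge entry point; ec2 and path_ids are injectable for offline tests."""
    if not is_network_change(event):
        return {"skipped": True, "event_name": event.get("detail", {}).get("eventName")}
    if ec2 is None:
        import boto3  # lazy import keeps the helpers above importable without the SDK
        ec2 = boto3.client("ec2")
    if path_ids is None:  # comma-separated NetworkInsightsPath IDs from the function config
        path_ids = [p for p in os.environ.get("NETWORK_INSIGHTS_PATH_IDS", "").split(",") if p]
    results = run_reachability_checks(ec2, path_ids, poll_seconds=poll_seconds)
    broken = sorted(p for p, r in results.items() if not r["reachable"])
    return {"skipped": False, "event_name": event["detail"]["eventName"],  # alarm on broken_paths
            "results": results, "broken_paths": broken}

class FakeEc2:
    """Constructed stand-in for boto3's EC2 client: nip-web-to-db stays reachable,
    nip-web-to-cache is blocked, and the first poll still reports 'running'."""
    FINAL = {"nip-web-to-db": {"NetworkPathFound": True, "Explanations": []},
             "nip-web-to-cache": {"NetworkPathFound": False,
                                  "Explanations": [{"ExplanationCode": "CONSTRUCTED_ACL_DENY"}]}}

    def __init__(self):
        self.analyses, self.polls = {}, 0  # analysis id -> path id, describe-call count

    def start_network_insights_analysis(self, NetworkInsightsPathId):
        aid = "nia-%d" % (len(self.analyses) + 1)
        self.analyses[aid] = NetworkInsightsPathId
        return {"NetworkInsightsAnalysis": {"NetworkInsightsAnalysisId": aid, "Status": "running"}}

    def describe_network_insights_analyses(self, NetworkInsightsAnalysisIds):
        self.polls += 1
        out = []
        for aid in NetworkInsightsAnalysisIds:
            item = {"NetworkInsightsAnalysisId": aid, "NetworkInsightsPathId": self.analyses[aid]}
            item.update({"Status": "running"} if self.polls == 1
                        else dict(self.FINAL[self.analyses[aid]], Status="succeeded"))
            out.append(item)
        return {"NetworkInsightsAnalyses": out}

SAMPLE_EVENT = {  # constructed CloudTrail event, trimmed to the fields the pattern matches
    "source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "ReplaceNetworkAclEntry"}}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT, None, ec2=FakeEc2(),
                                    path_ids=list(FakeEc2.FINAL), poll_seconds=0), indent=2))
```

To deploy this, create the NetworkInsightsPath resources once (source, destination, protocol and optional port), put their IDs in NETWORK_INSIGHTS_PATH_IDS, create an EventBridge rule from json.dumps(EVENT_PATTERN) with the function as its target, and give the execution role ec2:StartNetworkInsightsAnalysis and ec2:DescribeNetworkInsightsAnalyses in addition to the read permissions Reachability Analyzer itself requires. Set the function timeout above the longest expected analysis, and because a single Terraform apply or console session can emit a burst of matching events, consider routing the rule to an SQS queue with a short delay in front of the function so one analysis run covers the whole batch.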
