
AWS Certified SysOps Administrator Associate: Resolving VPC to On-Premises Communication Issues with New Subnets

Learn how to resolve communication issues between new VPC subnets and an on-premises data center when using a Site-to-Site VPN connection by properly configuring route tables.


Question

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.

Which steps should the SysOps administrator take to resolve the issue?

A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.

Answer

A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.

Explanation

A subnet is associated with the VPC's main route table unless you explicitly associate it with a custom route table, and a route to the virtual private gateway is never added to a route table on its own. The existing subnets must be using a route table that carries a route for the on-premises CIDR block with the virtual private gateway as the target, either added statically or learned through route propagation; the route tables the new subnets use do not. The VPC router therefore has no path for that traffic, or, if the table has a less specific route such as 0.0.0.0/0 to an internet gateway, sends it there instead. The fix is to add a route for the on-premises CIDR block to the route tables associated with the new subnets, with the virtual private gateway as the target (enabling route propagation from the virtual private gateway on those tables has the same effect).

Once that route is in place, traffic from resources in the new subnets is forwarded to the virtual private gateway and over the existing Site-to-Site VPN connection to the on-premises data center. Nothing on the VPN connection, the gateway or the on-premises side needs to change, because the on-premises route tables already send the whole VPC CIDR block to the VPN connection. Security groups and network ACLs on the new subnets must of course also allow the traffic, but a setup in which one Availability Zone works and another does not through the same gateway points at routing first.
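As an added example (not part of the original question or its answer), the following Python script performs the check a SysOps administrator would run before changing anything: it takes the JSON shape returned by `aws ec2 describe-route-tables --output json`, resolves each subnet to its effective route table (explicit association, otherwise the main table), does the same longest-prefix match the VPC router does for the on-premises CIDR, and reports whether the traffic actually reaches the virtual private gateway. It also prints the `aws ec2 create-route` (or `replace-route`) command that fixes a failing table. All IDs, CIDRs and the sample route-table data are constructed for the example; only the stdlib is used, so it runs offline.

```python
"""Check which VPC subnets have a working route to an on-premises CIDR via a
virtual private gateway, using the JSON shape that
`aws ec2 describe-route-tables --output json` returns.
All IDs, CIDRs and the sample data below are constructed for this example."""
import ipaddress

ON_PREM_CIDR = "192.168.0.0/16"           # hypothetical data-center range
VGW_ID = "vgw-0a1b2c3d4e5f60718"          # hypothetical virtual private gateway
MAIN_RTB = "rtb-0main00000000001"         # hypothetical main route table
CUSTOM_RTB = "rtb-0priv00000000002"       # hypothetical custom route table
OLD_SUBNET = "subnet-0aaaaaaaaaaaaaaaa"   # original AZ, working
NEW_SUBNET = "subnet-0bbbbbbbbbbbbbbbb"   # new AZ, not working

# Constructed sample: the original subnet is explicitly associated with a custom
# table that routes the on-prem CIDR to the VGW.  The new subnet was never
# associated with anything, so it uses the main table, whose only match for
# on-prem traffic is the 0.0.0.0/0 -> internet gateway default route.
DESCRIBE_ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": MAIN_RTB,
            "Associations": [{"Main": True, "RouteTableId": MAIN_RTB}],
            "PropagatingVgws": [],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0fedcba9876543210", "State": "active"},
            ],
        },
        {
            "RouteTableId": CUSTOM_RTB,
            "Associations": [{"Main": False, "SubnetId": OLD_SUBNET, "RouteTableId": CUSTOM_RTB}],
            "PropagatingVgws": [],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": ON_PREM_CIDR, "GatewayId": VGW_ID, "State": "active"},
            ],
        },
    ]
}


def route_table_for_subnet(tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in tables["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def route_target(route):
    """Return whichever target field the route carries (gateway, TGW, NAT, ENI...)."""
    for key in ("GatewayId", "TransitGatewayId", "NatGatewayId",
                "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId"):
        if key in route:
            return route[key]
    return None


def longest_match(rt, dest_cidr):
    """Pick the IPv4 route the VPC router would use: longest prefix covering dest."""
    dest = ipaddress.ip_network(dest_cidr)
    best_net, best_route = None, None
    for route in rt.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue  # IPv6 and prefix-list routes are irrelevant to an IPv4 check
        net = ipaddress.ip_network(cidr)
        if dest.subnet_of(net) and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def audit_subnet(tables, subnet_id, on_prem_cidr=ON_PREM_CIDR, vgw_id=VGW_ID):
    """'ok', 'no-route', 'blackhole' or 'misrouted:<target>' for one subnet."""
    rt = route_table_for_subnet(tables, subnet_id)
    route = longest_match(rt, on_prem_cidr)
    if route is None:
        return "no-route"
    if route.get("State") != "active":
        return "blackhole"  # e.g. the target gateway was detached or the VPN deleted
    target = route_target(route)
    return "ok" if target == vgw_id else f"misrouted:{target}"


def remediation(tables, subnet_id, on_prem_cidr=ON_PREM_CIDR, vgw_id=VGW_ID):
    """CLI command that fixes the subnet's effective route table, or None if healthy."""
    if audit_subnet(tables, subnet_id, on_prem_cidr, vgw_id) == "ok":
        return None
    rt = route_table_for_subnet(tables, subnet_id)
    existing = longest_match(rt, on_prem_cidr)
    # A route for exactly this CIDR already present makes create-route fail with
    # RouteAlreadyExists, so replace it; otherwise add a static route.  Being more
    # specific than 0.0.0.0/0, the new route wins longest-prefix match, which also
    # fixes the 'misrouted' case without touching the default route.
    same_cidr = existing is not None and \
        ipaddress.ip_network(existing["DestinationCidrBlock"]) == ipaddress.ip_network(on_prem_cidr)
    verb = "replace-route" if same_cidr else "create-route"
    return (f"aws ec2 {verb} --route-table-id {rt['RouteTableId']} "
            f"--destination-cidr-block {on_prem_cidr} --gateway-id {vgw_id}")


if __name__ == "__main__":
    for subnet in (OLD_SUBNET, NEW_SUBNET):
        print(subnet, audit_subnet(DESCRIBE_ROUTE_TABLES, subnet),
              remediation(DESCRIBE_ROUTE_TABLES, subnet) or "")
```

In practice you would feed the script the real `describe-route-tables` output and the subnet IDs from `aws ec2 describe-subnets`. If the new subnets are meant to keep sharing the main route table, adding the route there is enough; if they need their own policy, create a dedicated route table, add the route (or run `aws ec2 enable-vgw-route-propagation --route-table-id ... --gateway-id ...`) and associate the subnets with it.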

The other options are incorrect because:

B. Creating a support ticket is unnecessary. There is no per-Availability-Zone setting on a Site-to-Site VPN connection for AWS to change; the issue is resolved by configuring the route tables correctly.
C. Establishing a new Site-to-Site VPN connection is not required, and the option is built on a misconception: a virtual private gateway is attached to a VPC, not to an Availability Zone, so the existing gateway already serves every subnet in the VPC once the routes are in place.
D. Replacing the Site-to-Site VPN connection with AWS Direct Connect is an expensive and unnecessary step that also does not address the cause; the route tables of the new subnets would need the same route to the gateway regardless of the connection type.
