Gain in-depth knowledge about AWS VPC connectivity. Learn how to effectively use transit gateways to interconnect VPCs and route traffic through an egress VPC.
Question
A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets.
A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deployed a NAT gateway in an egress VPC in a central AWS account.
Which set of additional steps should the solutions architect take to meet these requirements?
A. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
B. Create a transit gateway, and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
C. Create a transit gateway in every account. Attach the NAT gateway to the transit gateways. Configure the required routing to allow access to the internet.
D. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
Answer
B. Create a transit gateway, and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure the required routing to allow access to the internet.
Explanation
A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. In this scenario, the solutions architect should create a transit gateway in the central account and share it with the existing AWS accounts. The VPCs in the different accounts can then attach to the transit gateway and route their internet-bound traffic through the egress VPC.
This approach centralizes internet access for all the VPCs and simplifies the network architecture. It also reduces the number of NAT gateways required, because only the NAT gateway in the egress VPC is used for internet access.
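The hub-account side of answer B, as an added Terraform example (not code from the page or from AWS): the shared transit gateway, the egress VPC attachment, the two transit gateway route tables, and the return route in the egress VPC. The variables `var.spoke_account_id`, `var.egress_vpc_id`, `var.egress_tgw_subnet_ids` and `var.egress_public_rt_id` are assumed to exist, and `10.1.0.0/16` is a constructed spoke CIDR.

```hcl
# Added example (hub account side of answer B); not the page's own code.
resource "aws_ec2_transit_gateway" "hub" {
  auto_accept_shared_attachments  = "enable"
  default_route_table_association = "disable" # use explicit route tables only
  default_route_table_propagation = "disable"
}
# Share the transit gateway with the spoke accounts through AWS RAM
resource "aws_ram_resource_share" "tgw" {
  name                      = "egress-tgw"
  allow_external_principals = false # same-organization accounts only
}
resource "aws_ram_resource_association" "tgw" {
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}
resource "aws_ram_principal_association" "spoke" {
  principal          = var.spoke_account_id # assumed variable
  resource_share_arn = aws_ram_resource_share.tgw.arn
}
# Attach the egress VPC using dedicated TGW subnets (one per AZ)
resource "aws_ec2_transit_gateway_vpc_attachment" "egress" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = var.egress_vpc_id         # assumed variable
  subnet_ids         = var.egress_tgw_subnet_ids # assumed variable
}
# Spoke route table: a default route toward the egress VPC only (add blackhole routes for the spoke CIDRs here if spokes must not reach each other)
resource "aws_ec2_transit_gateway_route_table" "spokes" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route" "spokes_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.egress.id
}
# Egress route table: holds the routes back to each spoke CIDR, propagated
# from the spoke attachments once the spoke accounts have created them
resource "aws_ec2_transit_gateway_route_table" "egress" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "egress" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.egress.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.egress.id
}
# Return path: the NAT gateway's public subnet must route spoke addresses back to the TGW, or replies are dropped
resource "aws_route" "egress_to_spokes" {
  route_table_id         = var.egress_public_rt_id # assumed variable
  destination_cidr_block = "10.1.0.0/16"           # constructed spoke CIDR
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
}
```

Each spoke account still creates its own VPC attachment to the shared transit gateway and points the private subnets' default route at it; the hub account then associates that attachment with the `spokes` table and propagates it into the `egress` table.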
This is a practice question, answer and explanation for the Amazon AWS Certified Solutions Architect – Professional (SAP-C02) certification exam.