Which combination of steps will achieve this level of control with the LEAST operational effort?
(Choose three.)
Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).
Configure attachments to all VPCs and VPNs.
Set up transit gateway route tables. Associate the VPCs and VPNs with the route tables.
Configure VPC peering between the VPCs.
Configure attachments between the VPCs and VPNs.
Set up route tables on the VPCs and VPNs.
Explanations:
Creating a transit gateway and sharing it via AWS Resource Access Manager (AWS RAM) allows centralized connectivity management across AWS accounts.
Configuring attachments between the transit gateway and all VPCs/VPNs enables communication through the transit gateway.
Setting up transit gateway route tables and associating the VPCs/VPNs with them controls traffic flow, allowing specific VPCs to communicate based on routing policies.
VPC peering does not scale well for hundreds of VPCs and requires complex management compared to a transit gateway.
Attachments should be made through a transit gateway, rather than directly between VPCs and VPNs, to simplify the architecture.
Configuring individual VPC and VPN route tables is more complex and increases operational overhead compared to transit gateway route tables.