Which solution will meet these requirements MOST cost-effectively?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company in the United States (US) has acquired a company in Europe.Both companies use the AWS Cloud.The US company has built a new application with a microservices architecture.The US company is hosting the application across five VPCs in the us-east-2 Region.The application must be able to access resources in one VPC in the eu-west-1 Region.However, the application must not be able to access any other VPCs.The VPCs in both Regions have no overlapping CIDR ranges.All accounts are already consolidated in one organization in AWS Organizations.

Which solution will meet these requirements MOST cost-effectively?

Create one transit gateway in eu-west-1. Attach the VPCs in us-east-2 and the VPC in eu-west-1 to the transit gateway. Create the necessary route entries in each VPC so that the traffic is routed through the transit gateway.

Create one transit gateway in each Region. Attach the involved subnets to the regional transit gateway. Create the necessary route entries in the associated route tables for each subnet so that the traffic is routed through the regional transit gateway. Peer the two transit gateways.

Create a full mesh VPC peering connection configuration between all the VPCs. Create the necessary route entries in each VPC so that the traffic is routed through the VPC peering connection.

Create one VPC peering connection for each VPC in us-east-2 to the VPC in eu-west-1. Create the necessary route entries in each VPC so that the traffic is routed through the VPC peering connection.

Explanations:

While creating a transit gateway in eu-west-1 and attaching the VPCs allows for centralized management of traffic, it would also expose the VPC in eu-west-1 to all VPCs in us-east-2, violating the requirement to restrict access to only one specific VPC.

This option creates two transit gateways, one in each region, and requires peering between them. Although it provides better control over routing and traffic management, it adds unnecessary complexity and cost due to the need for two transit gateways and the additional peering configuration. Moreover, it still exposes all VPCs to each other unless configured with strict route table controls, which may not fully satisfy the requirement.

A full mesh VPC peering connection among all VPCs would allow traffic between any VPCs that are peered, which contradicts the requirement to only allow access to the single VPC in eu-west-1. This approach would be more complex and expensive, as it involves multiple peering connections and extensive route table configurations.

Creating a single VPC peering connection for each VPC in us-east-2 to the specific VPC in eu-west-1 meets the requirement effectively and cost-efficiently. This option restricts access strictly to the intended VPC, minimizes complexity by limiting the number of connections, and avoids the overhead of transit gateways while still enabling necessary inter-region communication.

2025-10-18

1 Comment

  1. Christian
    Author

    I compute that the answer is:
    Create one VPC peering connection for each VPC in us-east-2 to the VPC in eu-west-1. Create the necessary route entries in each VPC so that the traffic is routed through the VPC peering connection.

Leave a Reply

Your email address will not be published. Required fields are marked *

eight + 4 =