Which solution meets these requirements?
Connect the AWS accounts with AWS Transit Gateway. Establish an AWS Site-to-Site VPN connection with the data center, and attach the connection to the transit gateway. Route traffic from the data center to all AWS accounts.
Connect the AWS accounts with VPC peering. Establish an AWS Site-to-Site VPN connection with the data center. Route traffic from the data center to all AWS accounts.
Connect the AWS accounts with VPC peering. Establish an AWS Direct Connect connection to the closest AWS Region. Route traffic from the data center to all AWS accounts.
Connect the AWS accounts with AWS Transit Gateway. Establish an AWS Direct Connect connection to the closest AWS Region, and attach the connection to the transit gateway. Route traffic from the data center to all AWS accounts.
Explanations:
AWS Transit Gateway connects multiple VPCs and on-premises networks through a single hub, providing one point of entry into AWS. Attaching an AWS Site-to-Site VPN to the transit gateway means traffic from the data center is encrypted in transit, which satisfies the security requirement, and the transit gateway can then route that traffic to the VPCs in every AWS account.
VPC peering can connect multiple VPCs but does not allow for a single entry point into AWS. Each VPC would need individual peering connections to the data center, which complicates management and does not meet the requirement for a single entry point. Additionally, VPC peering does not support transitive routing.
While an AWS Direct Connect connection provides a dedicated, private network link to AWS, it does not satisfy the requirement for a single entry point carrying encrypted traffic from the data center to all AWS accounts, and VPC peering alone would not give the data center access to every account.
Although AWS Transit Gateway can handle multiple connections and provide a single entry point, Direct Connect alone does not satisfy the requirement for an encrypted connection from the data center. Direct Connect provides private, dedicated connectivity, but a VPN is required for encryption in transit.