What should the solutions architect do to reduce the network costs while meeting these requirements?
Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a transit gateway to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a VPC peering connection to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
Remove two NAT gateways from the standard VPC template. Rely on the NAT gateway SLA to cover reliability for the remaining NAT gateway.
Create a single VPC with three NAT gateways in a shared services account. Configure a Site-to-Site VPN connection from each account to the shared services account. Remove all NAT gateways from the standard VPC template.
Explanations:
This solution creates a shared services VPC with NAT gateways, allowing all development team accounts to route through a centralized transit gateway, which reduces the need for multiple NAT gateways and minimizes costs. It maintains reliability and reduces operational complexity.
Although using VPC peering could reduce costs by centralizing NAT, it has limitations, such as not supporting transitive routing, which makes it unsuitable for centralizing NAT gateway access across multiple accounts in this scenario.
Removing two NAT gateways could reduce costs but compromises high availability and reliability since there is only one NAT gateway left in each VPC. This does not meet the requirement to maintain the reliability of the company’s solutions.
Site-to-Site VPN connections would introduce unnecessary complexity and latency for connecting multiple accounts to a shared NAT gateway. This option does not align with minimizing operational complexity, and it is not suitable for communication within AWS environments where transit gateway is preferred.
I categorize that the answer is:
Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a transit gateway to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
As far as I’m aware, the answer is:
Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a transit gateway to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.