How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?

By:
In: SOA-C01
Tagged:
With: 1 Comment
A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1.A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage.Data will be replicated from the primary region to the secondary region.The Information Security team’s compliance requirements specify that all data must be encrypted and must not traverse the public internet.

How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?

Configure EC2 instances to act as VPN appliances, then configure route tables.

Configure inter-region VPC peering between the two VPCs, then configure route tables.

Configure NAT gateways in both VPCs, then configure route tables.

Configure an internet gateway in each VPC, and use these as the targets for the VPC route tables.

Explanations:

Configuring EC2 instances as VPN appliances is not a scalable or secure solution. VPN connections may expose data to the public internet unless specifically configured with encryption and private connectivity.

Inter-region VPC peering allows private connectivity between the VPCs, and traffic between regions stays within the AWS network, meeting the encryption and compliance requirements.

NAT gateways are designed for outbound internet access from private subnets and do not meet the requirement for secure, private, inter-region connectivity.

Internet gateways would expose traffic to the public internet, violating the compliance requirement of not traversing the public internet.

2025-10-07

1 Comment

  1. Matthew
    Author

    I gauge that the answer is:
    Configure inter-region VPC peering between the two VPCs, then configure route tables.

Leave a Reply

Your email address will not be published. Required fields are marked *

eleven − 1 =