What should a solutions architect do to accomplish this goal?
Create a peering VPC connection from each user’s VPC to the software vendor’s VPC.
Deploy a transit VPC in the software vendor’s AWS account. Create a VPN connection with each user account.
Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.
Deploy a transit VPC in the software vendor’s AWS account. Create an AWS Direct Connect connection with each user account.
Explanations:
Creating a peering VPC connection for each user’s VPC would require significant administrative overhead and management, especially if there are many users. This option is not scalable and does not eliminate the exposure to the public internet effectively.
Deploying a transit VPC with a VPN connection for each user account would also involve substantial administrative effort. Additionally, it would introduce complexities in managing multiple VPN connections and does not address the need for easy access without public exposure.
Using AWS PrivateLink allows the software vendor to expose the service as an endpoint service in their VPC, which users reach privately through interface endpoints in their own VPCs. This solution eliminates exposure to the public internet and provides a secure and straightforward way for users to connect to the service with minimal administrative overhead.
Setting up a transit VPC with AWS Direct Connect connections for each user account would be overly complex and costly. Direct Connect is typically used for high-throughput connections and would involve significant management overhead, making it impractical for a SaaS solution.
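The PrivateLink pattern from the explanations, written out as an added Terraform example (this is not part of the original question or any vendor's code). It assumes a Network Load Balancer already fronts the SaaS application in the vendor account; the ARN, account IDs, region, service name and variable names are placeholders. In practice the vendor-side and customer-side resources live in different accounts and Terraform states; they are shown together only to make the two halves of the pattern visible.

```hcl
# ---------- Vendor account: publish the service over PrivateLink ----------
resource "aws_vpc_endpoint_service" "saas" {
  # NLB that fronts the SaaS application (placeholder ARN)
  network_load_balancer_arns = [
    "arn:aws:elasticloadbalancing:REGION:VENDOR_ACCOUNT_ID:loadbalancer/net/saas-nlb/PLACEHOLDER"
  ]

  # Each customer endpoint request must be approved by the vendor
  acceptance_required = true

  # Only the listed customer accounts may create an endpoint to this service;
  # any other AWS account cannot even see it
  allowed_principals = [
    "arn:aws:iam::CUSTOMER_ACCOUNT_ID:root"
  ]

  tags = { Name = "saas-endpoint-service" }
}

# ---------- Customer account: private interface endpoint ----------
variable "customer_vpc_id" { type = string }
variable "customer_vpc_cidr" { type = string }
variable "customer_private_subnet_ids" { type = list(string) }

resource "aws_security_group" "saas_endpoint" {
  name   = "saas-endpoint-sg"
  vpc_id = var.customer_vpc_id

  # Restrict the endpoint ENIs to HTTPS from the customer's own VPC;
  # nothing outside the VPC can reach them, and no internet gateway,
  # NAT gateway or public IP is involved at all
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.customer_vpc_cidr]
  }
}

resource "aws_vpc_endpoint" "saas" {
  vpc_id             = var.customer_vpc_id
  vpc_endpoint_type  = "Interface"
  # Service name published by the vendor (placeholder value)
  service_name       = "com.amazonaws.vpce.REGION.vpce-svc-PLACEHOLDER"
  subnet_ids         = var.customer_private_subnet_ids
  security_group_ids = [aws_security_group.saas_endpoint.id]
}
```

The two settings that make this the low-overhead, non-public option are `allowed_principals` (only approved customer accounts can request an endpoint) and `acceptance_required` (the vendor approves each request). Adding a new customer means appending one principal and approving one connection, with no peering, route-table or VPN changes on either side, and traffic between the customer VPC and the vendor's NLB never traverses the public internet.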