What should the solutions architect do to meet these requirements?
Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.
Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
Provision an AWS Direct Connect connection to a Region. Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.
Explanations:
Direct Connect provides a dedicated, low-latency, high-availability connection. The VPN serves as a backup in case Direct Connect fails, ensuring minimal traffic disruption at a reduced cost.
VPN tunnels are a lower-cost option compared to Direct Connect, but do not offer the same low-latency and high-availability performance as Direct Connect. Having two VPN connections doesn’t fully meet the high availability and low latency requirements.
While having a second Direct Connect connection provides redundancy, it does not minimize costs as effectively as a VPN backup. A second Direct Connect connection would still be costly and may not meet the company’s cost optimization needs.
The AWS CLI doesn’t provide a mechanism to automatically create a backup connection for Direct Connect. The failover attribute refers to routing behavior rather than automatic creation of backup connections, making this option unfeasible.
I reckon the answer is:
Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails.