Which combination of steps will meet these requirements?

By:
In: SAP-C01
Tagged:
With: 1 Comment
A company is migrating some of its applications to AWS.The company wants to migrate and modernize the applications quickly after it finalizes networking and security strategies.The company has set up an AWS Direct Connection connection in a central network account.The company expects to have hundreds of AWS accounts and VPCs in the near future.The corporate network must be able to access the resources on AWS seamlessly and also must be able to communicate with all the VPCs.The company also wants to route its cloud resources to the internet through its on-premises data center.

Which combination of steps will meet these requirements?

(Choose three.)

Create a Direct Connect gateway in the central account. In each of the accounts, create an association proposal by using the Direct Connect gateway and the account ID for every virtual private gateway.

Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.

Provision an internet gateway. Attach the internet gateway to subnets. Allow internet traffic through the gateway.

Share the transit gateway with other accounts. Attach VPCs to the transit gateway.

Provision VPC peering as necessary.

Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center.

Explanations:

While creating a Direct Connect gateway and associating it with each account’s virtual private gateway is a valid step, it does not provide a comprehensive solution for seamless communication between the corporate network and all VPCs, nor does it address routing traffic to the internet through the on-premises data center.

This step is crucial as it establishes a Direct Connect gateway that can connect to a transit gateway, which simplifies the management of multiple VPCs and allows for centralized routing of traffic to and from the corporate network and AWS resources.

Provisioning an internet gateway and attaching it to subnets allows internet access but does not meet the requirement for routing traffic through the on-premises data center. The traffic would not flow through the corporate network in this setup.

Sharing the transit gateway with other accounts allows for VPCs in different accounts to communicate with each other through the transit gateway, facilitating seamless communication across the organization’s AWS infrastructure.

While VPC peering can enable communication between specific VPCs, it does not provide the scalability and centralized management required for hundreds of VPCs and accounts. It also does not help in routing internet traffic through the on-premises data center.

Provisioning private subnets and configuring the necessary routing through the transit gateway and customer gateway enables outbound internet traffic from AWS to flow through NAT services in the data center, meeting the requirement for routing cloud resources to the internet through on-premises infrastructure.

2025-09-29

1 Comment

  1. Isabella
    Author

    I outline that the answer is:
    Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 + 4 =