Which combination of steps will provide the required VPC connectivity with the LEAST operational overhead?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A software as a service (SaaS) company provides a media software solution to customers.The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts.One of the VPCs is designated as a management VPC.The compute resources in the VPCs work independently.The company has developed a new feature that requires all 50 VPCs to be able to communicate with each other.The new feature also requires one-way access from each customer’s VPC to the company’s management VPC.The management VPC hosts a compute resource that validates licenses for the media software solution.The number of VPCs that the company will use to host the solution will continue to increase as the solution grows.

Which combination of steps will provide the required VPC connectivity with the LEAST operational overhead?

(Choose two.)

Create a transit gateway. Attach all the company’s VPCs and relevant subnets to the transit gateway.

Create VPC peering connections between all the company’s VPCs.

Create a Network Load Balancer (NLB) that points to the compute resource for license validation. Create an AWS PrivateLink endpoint service that is available to each customer’s VPAssociate the endpoint service with the NLB.

Create a VPN appliance in each customer’s VPC. Connect the company’s management VPC to each customer’s VPC by using AWS Site-to-Site VPN.

Create a VPC peering connection between the company’s management VPC and each customer’s VPC.

Explanations:

Creating a transit gateway allows for scalable and simplified connectivity between multiple VPCs. By attaching all VPCs to a single transit gateway, the company can facilitate communication between all VPCs with minimal operational overhead and easily add more VPCs in the future.

VPC peering connections between all VPCs would lead to a complex mesh network, as each VPC would need to be connected individually to every other VPC. This approach increases operational overhead and is not scalable for the growing number of VPCs.

Implementing an NLB with AWS PrivateLink allows secure one-way access from each customer’s VPC to the management VPC. This method provides a managed service for communication while limiting the complexity of VPC connections, thus minimizing operational overhead.

Setting up a VPN appliance in each customer’s VPC and connecting to the management VPC via AWS Site-to-Site VPN introduces unnecessary complexity and operational overhead. It also requires additional management for each VPN connection, which is not efficient.

Creating VPC peering connections between the management VPC and each customer’s VPC increases the number of connections required as more customer VPCs are added. This method can quickly become unmanageable and doesn’t scale well, leading to increased operational overhead.

2025-10-18

1 Comment

  1. Judith
    Author

    As I see it, the answer is:
    Create a transit gateway. Attach all the company’s VPCs and relevant subnets to the transit gateway.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 5 =