Which network design will meet these requirements?
Create a VPC peering connection between the eu-west-1 VPC and the ap-southeast-2 VPC. Create an inbound rule in the eu-west-1 application security group that allows traffic from the database server IP addresses in the ap-southeast-2 security group.
Configure a VPC peering connection between the ap-southeast-2 VPC and the eu-west-1 VPC. Update the subnet route tables. Create an inbound rule in the ap-southeast-2 database security group that references the security group ID of the application servers in eu-west-1.
Configure a VPC peering connection between the ap-southeast-2 VPC and the eu-west-1 VPC. Update the subnet route tables. Create an inbound rule in the ap-southeast-2 database security group that allows traffic from the eu-west-1 application server IP addresses.
Create a transit gateway with a peering attachment between the eu-west-1 VPC and the ap-southeast-2 VPC. After the transit gateways are properly peered and routing is configured, create an inbound rule in the database security group that references the security group ID of the application servers in eu-west-1.
Explanations:
A VPC peering connection must be configured correctly before it carries traffic. Creating the peering connection and allowing traffic from specific IP addresses does not ensure that routing and security group rules are set up properly, so this option will not enable secure communication between the two Regions.
Although this option sets up a VPC peering connection, it incorrectly has the security group rule reference the security group ID of the application servers in eu-west-1. For VPCs peered across Regions, as here, security group rules can reference only IP addresses or CIDR blocks, not a security group in the other VPC.
This option correctly describes the process of configuring a VPC peering connection, updating route tables for proper traffic flow, and allowing traffic from the eu-west-1 application servers to the ap-southeast-2 database by specifying the correct inbound rules in the database security group.
Although a transit gateway can facilitate communication between VPCs in different Regions, this option adds unnecessary complexity where a direct VPC peering connection is enough. It also incorrectly implies that the security group can reference a security group in a different VPC, which is not allowed.
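The checks behind the first three explanations can be written as a small offline validator. This is an added example, not part of the original question: the CIDR ranges, server IP addresses, port 3306 and the `sg-0example` ID are constructed placeholders, and the transit gateway option is not modelled.

```python
import ipaddress

def check_design(d):
    """Return findings; an empty list means app -> database traffic can flow."""
    findings = []
    if not d.get("peering_active"):
        findings.append("peering connection missing or not accepted")
    app_ips = [ipaddress.ip_address(ip) for ip in d["app_ips"]]
    db_ips = [ipaddress.ip_address(ip) for ip in d["db_ips"]]
    # Requests and replies each need a peering route in that side's route table.
    for table, targets in (("app_routes", db_ips), ("db_routes", app_ips)):
        nets = [ipaddress.ip_network(c) for c in d.get(table, [])]
        if not all(any(ip in n for n in nets) for ip in targets):
            findings.append(f"{table}: no peering route to the other side")
    cidrs = []
    for rule in d.get("db_sg_inbound", []):
        if rule["source"].startswith("sg-"):
            # A security group ID from the peer Region cannot be used as a source.
            findings.append("db SG: rule references a security group ID in another Region")
        elif rule["port"] == d["db_port"]:
            cidrs.append(ipaddress.ip_network(rule["source"]))
    if not all(any(ip in n for n in cidrs) for ip in app_ips):
        findings.append("db SG: no inbound rule covers every app server IP")
    return findings

# Constructed sample data: eu-west-1 is 10.0.0.0/16, ap-southeast-2 is 10.1.0.0/16.
BASE = {"peering_active": True, "db_port": 3306,  # port is an assumption
        "app_ips": ["10.0.1.10", "10.0.1.11"], "db_ips": ["10.1.2.20"]}
ROUTES = {"app_routes": ["10.1.0.0/16"], "db_routes": ["10.0.0.0/16"]}
OPTIONS = {
    # First option: no route updates, and the rule sits on the app SG instead.
    "first": {**BASE, "db_sg_inbound": []},
    # Second option: routes updated, but the source is a cross-Region SG ID.
    "second": {**BASE, **ROUTES,
               "db_sg_inbound": [{"source": "sg-0example", "port": 3306}]},
    # Third option: routes updated, source is the app server addresses.
    "third": {**BASE, **ROUTES,
              "db_sg_inbound": [{"source": "10.0.1.10/32", "port": 3306},
                                {"source": "10.0.1.11/32", "port": 3306}]},
}

if __name__ == "__main__":
    for name, design in OPTIONS.items():
        print(name, check_design(design) or "OK")
```

Using /32 sources for the application servers keeps the database rule as narrow as the third option describes; a whole-VPC CIDR would also pass the check but admits every host in eu-west-1.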