Which solution will mast these requirements?

A company runs workloads on AWS.The company needs to connect to a service from an external provider.The service is hosted in the provider’s VPC.According to the company’s security team, the connectivity must be private and must be restricted to the target service.The connection must be initiated only from the company’s VPC.

Which solution will mast these requirements?

Create a VPC peering connection between the company’s VPC and the provider’s VPC. Update the route table to connect to the target service.

Ask the provider to create a virtual private gateway in its VPC. Use AWS PrivateLink to connect to the target service.

Create a NAT gateway in a public subnet of the company’s VPUpdate the route table to connect to the target service.

Ask the provider to create a VPC endpoint for the target service. Use AWS PrivateLink to connect to the target service.

Explanations:

VPC peering allows for private connectivity but does not inherently restrict access only to the target service and could expose other services in the provider’s VPC.

A virtual private gateway is not needed in this scenario. AWS PrivateLink allows for private connections but requires a VPC endpoint on the provider’s side, which is not addressed here.

A NAT gateway is used for allowing outbound internet traffic from a private subnet; it does not meet the requirement for private connectivity to a specific target service in another VPC.

Creating a VPC endpoint for the target service and using AWS PrivateLink allows for secure and private connectivity to the service while restricting access only to the specified service.

Free study guides, practices test, sample questions

Which solution will mast these requirements?

Explanations:

1 Comment

Leave a Reply Cancel reply