Which solution will meet these requirements?
Create a VPC Endpoint Service that accepts TCP traffic, host it behind a Network Load Balancer, and make the service available over DX.
Create a VPC Endpoint Service that accepts HTTP or HTTPS traffic, host it behind an Application Load Balancer, and make the service available over DX.
Attach an internet gateway to the VPC, and ensure that network access control and security group rules allow the relevant inbound and outbound traffic.
Attach a NAT gateway to the VPC, and ensure that network access control and security group rules allow the relevant inbound and outbound traffic.
Explanations:
Creating a VPC Endpoint Service with a Network Load Balancer allows the company to securely expose its service to other AWS accounts without using the internet. Direct Connect provides a private connection, meeting the security needs.
Application Load Balancers are generally used for HTTP/HTTPS traffic, but a VPC Endpoint Service cannot be hosted behind one. Network Load Balancers are required for VPC Endpoint Services, as they handle TCP connections and integrate with private endpoints.
Attaching an internet gateway would route traffic over the public internet, which violates the requirement that connectivity must not traverse the internet.
A NAT gateway provides outbound internet access for instances in a private subnet, which does not meet the need to privately expose the service to other AWS accounts over Direct Connect.