Which solution will provide the required connectivity to the DB cluster with the LEAST operational overhead?
Create an AWS Resource Access Manager (AWS RAM) resource share for the DB cluster. Share the DB cluster with all the development accounts.
Create a transit gateway in the shared services account. Create an AWS Resource Access Manager (AWS RAM) resource share for the transit gateway. Share the transit gateway with all the development accounts. Instruct the developers to accept the resource share. Configure networking.
Create an Application Load Balancer (ALB) that points to the IP address of the DB cluster. Create an AWS PrivateLink endpoint service that uses the ALB. Add permissions to allow each development account to connect to the endpoint service.
Create an AWS Site-to-Site VPN connection in the shared services account. Configure networking. Use AWS Marketplace VPN software in each development account to connect to the Site-to-Site VPN connection.
Explanations:
AWS Resource Access Manager (AWS RAM) allows resources to be shared, but Amazon Aurora does not support being shared directly through AWS RAM. The DB cluster must be accessed through a networking solution instead.
Creating a transit gateway and sharing it with the development accounts allows seamless connectivity to the Aurora DB cluster with minimal operational overhead. This setup enables private connectivity without needing complex configurations or managing multiple VPNs.
Using an Application Load Balancer (ALB) for database access is not suitable, as ALBs are designed for HTTP/HTTPS traffic and cannot be used for database protocols. Furthermore, this option introduces unnecessary complexity and operational overhead.
Setting up a Site-to-Site VPN connection involves more operational overhead, as it requires configuring VPN software in each development account. This approach is more complex and less efficient than using a transit gateway.