AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 35
Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate network. The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.
The applications require access to a common authentication service in the shared services VPC. You need to enable native network access from the corporate network to both application VPCs.
Which step should you take to meet the requirements?
Answer options
- A. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the shared services VPC via the corporate VPN.
- B. Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual private gateway in the shared services VPC.
- C. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to the shared services VPC.
- D. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP routing.
Correct answer: C
Explanation
The correct answer is C. Configuring an additional IPsec VPN for each application VPC gives the corporate network a direct connection to both application VPCs, and VPC peering to the shared services VPC gives the applications access to the common authentication service. Option A does not provide the necessary direct access from the corporate network to each application VPC. Option B only connects the application VPCs to the shared services VPC and provides no corporate access. Option D relies on CloudHub, which is not necessary for this scenario because direct VPN connections are a more straightforward solution.