AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 359

A company has a VPC in the us-west-1 Region and another VPC in the ap-southeast-2 Region. Network engineers set up an AWS Direct Connect connection from their data center to the us-east-1 Region. They create a private virtual interface (VIF) that references a Direct Connect gateway, which is then connected to virtual private gateways in both VPCs. When the setup is complete, the engineers cannot access resources in us-west-1 from ap-southeast-2.
What should the network engineers do to resolve this issue?

Answer options

• A. Add the subnet range for the VPCs in us-west-1 and ap-southeast-2 to the route tables for both VPCs. Add the Direct Connect gateway as a target.
• B. Configure the Direct Connect gateway to route traffic between the VPCs in ap-southeast-2 and us-west-2.
• C. Establish a VPC peering connection between the VPCs in ap-southeast-2 and us-west-2. Add the subnet ranges to the routing tables.
• D. Create static routes in each VPC that point to the destination VPC with the virtual private gateway as the route target.

Correct answer: C

Explanation

An AWS Direct Connect gateway does not support transitive routing, meaning it cannot be used to route traffic directly from one attached VPC to another. To enable communication between the two VPCs, a VPC peering connection must be established directly between them with the appropriate route table updates. The other options are incorrect because neither a Direct Connect gateway nor a virtual private gateway can act as a transit hub for VPC-to-VPC traffic.