AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 366
A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept to a minimum.
Which design should be recommended?
Answer options
- A. Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.
- B. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.
- C. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs; enable source/destination NAT in the Management VPC.
- D. Create a total of four private VIFs, and enable VPC peering between all VPCs.
Correct answer: D
Explanation
On-premises access to all four VPCs requires a separate private VIF for each VPC, because VPC peering is not transitive: traffic that enters one VPC over a Direct Connect connection cannot be forwarded through that VPC's peering connections into another VPC. Peering the Management VPC with the other VPCs keeps the monitoring traffic inside the AWS network at minimal cost, instead of hairpinning it out to on-premises and back over the more expensive Direct Connect link. This design therefore satisfies both the direct on-premises connectivity requirement and the goal of minimizing data transfer charges.