AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 374
A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept to a minimum.
Which design should be recommended?
Answer options
- A. Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.
- B. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.
- C. Create a private VIF to the Management VPC, and peer this VPC to all other VPCs; enable source/destination NAT in the Management VPC.
- D. Create a total of four private VIFs, and enable VPC peering between all VPCs.
Correct answer: D
Explanation
To give on-premises access to all four VPCs, a separate private VIF is required for each VPC: VPC peering is not transitive, so traffic that arrives in the Management VPC over a single private VIF cannot be forwarded across a peering connection to the other VPCs, which rules out B and C (NAT in the Management VPC does not change this). Carrying the monitoring traffic between VPCs over VPC peering keeps data transfer charges to a minimum, whereas Option A hairpins that traffic out and back over the Direct Connect link and incurs data transfer charges in both directions.