AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 85
A company is using AWS to host all of its applications. Each application is isolated in its own Amazon VPC. Different environments such as Development, Test, and Production are also isolated in their own VPCs. The network engineer needs to automate VPC creation to enforce the company's network and security standards. Additionally, the CIDR range used in each VPC needs to be unique.
Which solution meets all of these requirements?
Answer options
- A. Use AWS CloudFormation to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
- B. Use AWS OpsWorks to deploy the VPC infrastructure and a custom resource to request a CIDR range from an external IP address management (IPAM) service.
- C. Use the VPC wizard in the AWS Management Console. Type in the CIDR blocks for the VPC and subnets.
- D. Create the VPCs using AWS CLI and use the dry-run flag to validate if the current CIDR range is in use.
Correct answer: A
Explanation
The correct answer is A: AWS CloudFormation automates resource deployment while ensuring compliance with network and security standards, and it can integrate with an external IPAM service to allocate unique CIDR ranges. Options B and C do not provide the same level of automation and adherence to standards, and option D does not fulfill the requirement for automatic CIDR range management.