AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 171
A company has agreed to collaborate with a partner for a research project. The company has multiple VPCs in the us-east-1 Region that use CIDR blocks within 10.10.0.0/16. The VPCs are connected by a transit gateway that is named TGW-C in us-east-1. TGW-C has an Autonomous System Number (ASN) configuration value of 64520.
The partner has multiple VPCs in us-east-1 that use CIDR blocks within 172.16.0.0/16. The VPCs are connected by a transit gateway that is named TGW-P in us-east-1. TGW-P has an ASN configuration value of 64530.
A network engineer needs to establish network connectivity between the company's VPCs and the partner's VPCs in us-east-1.
Which solution will meet these requirements with MINIMUM changes to both networks?
Answer options
- A. Create a new VPC in a new account. Deploy a router from AWS Marketplace. Share TGW-C and TGW-P with the new account by using AWS Resource Access Manager (AWS RAM). Associate TGW-C and TGW-P with the new VPC. Configure the router in the new VPC to route between TGW-C and TGW-P.
- B. Create an IPsec VPN connection between TGW-C and TGW-P. Configure the routing between the transit gateways to use the IPsec VPN connection.
- C. Configure a cross-account transit gateway peering attachment between TGW-C and TGW-P. Configure the routing between the transit gateways to use the peering attachment.
- D. Share TGW-C with the partner account by using AWS Resource Access Manager (AWS RAM). Associate the partner VPCs with TGW-C. Configure routing in the partner VPCs and TGW-C.
Correct answer: C
Explanation
The correct answer is C: a cross-account transit gateway peering attachment connects TGW-C and TGW-P directly, with minimal changes required to either network. Option A adds unnecessary complexity by creating a new VPC. Option B adds an IPsec VPN, which is not needed for this scenario. Option D only shares TGW-C and does not establish the required connection to TGW-P.