AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 38
A global company uses an organization in AWS Organizations to manage multiple AWS accounts. To comply with regulations, the company deploys workload environments to five AWS Regions. The company has a separate AWS account for each Region.
The company needs to connect every environment's VPC to a central shared VPC that serves as a directory and to a shared monitoring VPC. The directory VPC and the monitoring VPC are each in their own AWS account.
Which solution will meet these requirements?
Answer options
- A. Create a transit gateway in the central shared AWS account. Share the transit gateway with the company's AWS accounts. Connect all VPCs to the central transit gateway.
- B. Create a separate transit gateway in every Region where the company has deployed resources. Share the transit gateways with the company's AWS accounts. Connect the VPC in each Region to the transit gateway that is in the same Region. Peer the transit gateways. Create appropriate routes in all route tables.
- C. Create a virtual private gateway for the shared VPCs. Create a customer gateway for the workload VPCs. Configure an AWS Site-to-Site VPN connection between the directory VPC, the monitoring VPC, and every workload VPC.
- D. Create VPC peering connections between the central shared VPC, the shared monitoring VPC, and every workload VPC.
Correct answer: B
Explanation
Option B is correct. A transit gateway is a Regional resource: a VPC can attach only to a transit gateway in its own Region, so the company needs one transit gateway per Region. Each Regional transit gateway is shared with the workload account in that Region through AWS Resource Access Manager (AWS RAM), which lets that account create the VPC attachment. The Regional transit gateways are then connected with inter-Region transit gateway peering attachments. Nothing is propagated across a peering attachment, so each transit gateway route table needs static routes for the remote prefixes (the shared VPC CIDRs in every workload Region, and each workload VPC CIDR in the Regions that host the shared VPCs), and every VPC route table needs a route that sends the other VPCs' CIDRs to the local transit gateway. A forward route without the matching static return route on the far transit gateway is the usual reason such a design "almost" works.

Option A fails because a single transit gateway cannot accept VPC attachments from other Regions; only the VPCs in the central account's Region could connect to it. Option C misuses AWS Site-to-Site VPN, which connects a VPC to a customer gateway device (normally on premises): joining VPCs this way means running and managing VPN endpoints inside each workload VPC, over bandwidth-limited tunnels, with no benefit over native connectivity. Option D would function, since VPC peering supports cross-account and inter-Region connections, but peering is not transitive, so each workload VPC needs its own peering connection and route entries to each shared VPC (ten connections for five workload VPCs and two shared VPCs), and the count grows with every added workload or shared VPC. The transit gateway design gives each VPC a single attachment and keeps routing in the transit gateway route tables.
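The following Python script is an added worked example, not part of the exam question or any AWS code: it models option B's route plan and checks it. Region names, CIDRs, the placement of the directory VPC and the monitoring VPC in two different Regions, and the "vpc:"/"peer:" attachment labels are all assumptions made for the example, not real AWS identifiers. It derives which inter-Region peerings are needed, builds each Regional transit gateway route table (propagated routes for local attachments, static routes across peerings in both directions), and traces every required flow with longest-prefix matching to confirm that forward and return routes exist.

```python
"""Route plan for option B: one transit gateway (TGW) per Region, inter-Region
TGW peering, static routes across the peerings. Everything below is a model
built for this example: Region names, CIDRs, the placement of the two shared
VPCs in two different Regions, and the "vpc:"/"peer:" attachment labels are
assumptions, not values from the exam question or real AWS identifiers."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed inventory: VPC name -> (Region, CIDR).
SHARED_VPCS: Dict[str, Tuple[str, str]] = {
    "directory":  ("us-east-1", "10.0.0.0/16"),
    "monitoring": ("eu-west-1", "10.1.0.0/16"),
}
WORKLOAD_VPCS: Dict[str, Tuple[str, str]] = {
    "workload-use1":  ("us-east-1",      "10.10.0.0/16"),
    "workload-euw1":  ("eu-west-1",      "10.20.0.0/16"),
    "workload-apse1": ("ap-southeast-1", "10.30.0.0/16"),
    "workload-sae1":  ("sa-east-1",      "10.40.0.0/16"),
    "workload-cac1":  ("ca-central-1",   "10.50.0.0/16"),
}
ALL_VPCS = {**SHARED_VPCS, **WORKLOAD_VPCS}
SUMMARY = ipaddress.ip_network("10.0.0.0/8")  # VPC route: 10.0.0.0/8 -> local TGW

# A TGW route table: prefix -> attachment label, "vpc:<name>" or "peer:<Region>".
RouteTable = Dict[ipaddress.IPv4Network, str]


def required_flows() -> List[Tuple[str, str]]:
    """The only traffic the requirement asks for: each workload VPC to each
    shared VPC (and the return path)."""
    return [(w, s) for w in WORKLOAD_VPCS for s in SHARED_VPCS]


def required_peerings() -> List[Tuple[str, str]]:
    """Inter-Region TGW peering attachments the flows need. A workload Region
    must peer directly with every Region that hosts a shared VPC it uses."""
    pairs = set()
    for w, s in required_flows():
        w_region, s_region = ALL_VPCS[w][0], ALL_VPCS[s][0]
        if w_region != s_region:
            pairs.add(tuple(sorted((w_region, s_region))))
    return sorted(pairs)


def build_tgw_route_tables() -> Dict[str, RouteTable]:
    """One route table per Regional TGW. A VPC attachment propagates its CIDR
    into its local TGW; nothing is propagated across a peering attachment, so
    every remote prefix is a static route, added for both directions of a flow."""
    tables: Dict[str, RouteTable] = {region: {} for region, _ in ALL_VPCS.values()}
    for name, (region, cidr) in ALL_VPCS.items():
        tables[region][ipaddress.ip_network(cidr)] = f"vpc:{name}"
    for w, s in required_flows():
        (w_region, w_cidr), (s_region, s_cidr) = ALL_VPCS[w], ALL_VPCS[s]
        if w_region != s_region:
            tables[w_region][ipaddress.ip_network(s_cidr)] = f"peer:{s_region}"
            tables[s_region][ipaddress.ip_network(w_cidr)] = f"peer:{w_region}"
    return tables


def lookup(table: RouteTable, dst: ipaddress.IPv4Address) -> Optional[str]:
    """Longest-prefix match, which is how the TGW selects a route."""
    matches = [net for net in table if dst in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None


def trace(src_vpc: str, dst_vpc: str, tables: Dict[str, RouteTable]) -> List[str]:
    """Hops from src_vpc to the first host of dst_vpc, or [] if any route table
    along the way has no matching route. The design keeps every path to one
    peering crossing, so a second one is treated as a planning error."""
    src_region, src_cidr = ALL_VPCS[src_vpc]
    dst = ipaddress.ip_network(ALL_VPCS[dst_vpc][1])[1]
    if dst in ipaddress.ip_network(src_cidr):
        return [src_vpc]                     # local route inside the VPC
    if dst not in SUMMARY:
        return []                            # VPC route table has no TGW route
    hops, region = [src_vpc, f"tgw:{src_region}"], src_region
    for _ in range(2):
        target = lookup(tables[region], dst)
        if target is None:
            return []
        kind, value = target.split(":", 1)
        if kind == "vpc":
            return hops + [value] if value == dst_vpc else []
        region = value
        hops.append(f"tgw:{region}")
    return []


def reachable(a: str, b: str, tables: Dict[str, RouteTable]) -> bool:
    """Both directions must resolve: a forward route with no return route is
    the classic symptom of a missing static route on the far TGW."""
    return bool(trace(a, b, tables)) and bool(trace(b, a, tables))


def verify_requirement() -> Dict[Tuple[str, str], bool]:
    tables = build_tgw_route_tables()
    return {(w, s): reachable(w, s, tables) for w, s in required_flows()}


if __name__ == "__main__":
    print("peerings needed:", required_peerings())
    for flow, ok in verify_requirement().items():
        print(f"{flow[0]:>15} <-> {flow[1]:<10} {'ok' if ok else 'MISSING ROUTE'}")
    print(trace("workload-apse1", "monitoring", build_tgw_route_tables()))
```

With these assumptions the plan needs seven peering attachments, versus ten VPC peering connections for option D, and every workload-to-shared flow resolves in both directions. The model also exposes a side effect worth knowing before deploying: because each transit gateway has a single route table holding return routes for every remote workload CIDR, `workload-use1` gets a forward path to `workload-apse1` while the reverse lookup fails, so workload-to-workload traffic is partly routable and asymmetric. Isolating workload VPCs from one another cleanly requires separate transit gateway route tables associated per attachment, which the question does not ask for.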