AWS Certified Solutions Architect – Associate (SAA-C02) — Question 205

A company has three VPCs named Development, Testing, and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.
What should the solutions architect recommend?

Answer options

• A. Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center.
• B. Create VPC peers from all the VPCs to the Production VPC. Use an AWS Direct Connect connection from the Production VPC back to the data center.
• C. Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center.
• D. Create a new VPC called Network. Within the Network VPC, create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center. Attach all the other VPCs to the Network VPC.

Correct answer: D

Explanation

The correct option D establishes a centralized Network VPC with an AWS Transit Gateway, allowing for scalable and secure connections to the on-premises data center while keeping the VPCs separate. Option A is inefficient due to the number of connections required, while options B and C introduce potential security risks by interlinking VPCs, which contradicts the requirement for separation.