AWS Certified Solutions Architect – Associate (SAA-C02) — Question 356
A company is using Site-to-Site VPN connections for secure connectivity to its AWS Cloud resources from on premises. Due to an increase in traffic across the VPN connections to the Amazon EC2 instances, users are experiencing slower VPN connectivity.
Which solution will improve the VPN throughput?
Answer options
- A. Implement multiple customer gateways for the same network to scale the throughput.
- B. Use a transit gateway with equal cost multipath routing and add additional VPN tunnels.
- C. Configure a virtual private gateway with equal cost multipath routing and multiple channels.
- D. Increase the number of tunnels in the VPN configuration to scale the throughput beyond the default limit.
Correct answer: B
Explanation
An AWS Site-to-Site VPN connection has a maximum throughput limit of 1.25 Gbps per tunnel. By associating the VPN connections with an AWS Transit Gateway and enabling Equal Cost Multipath (ECMP) routing, multiple active VPN tunnels can be aggregated to scale the overall throughput beyond this limit. Virtual private gateways (VGW) do not support ECMP to aggregate bandwidth across multiple VPN tunnels.