AWS Certified Solutions Architect – Associate (SAA-C02) — Question 370
A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross-communication. A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site-to-site VPNs with some of the VPCs. A solutions architect has been tasked with creating a centrally managed networking setup for multiple accounts, VPCs, and VPNs.
Which networking solution meets these requirements?
Answer options
- A. Configure shared VPCs and VPNs and share to each other.
- B. Configure a hub-and-spoke VPC and route all traffic through VPC peering.
- C. Configure an AWS Direct Connect connection between all VPCs and VPNs.
- D. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.
Correct answer: D
Explanation
AWS Transit Gateway acts as a highly scalable cloud router, making it the ideal solution for connecting hundreds of VPCs and managing multiple VPN connections centrally. VPC peering does not support transitive routing, making a hub-and-spoke peering topology complex and difficult to manage at scale. Shared VPCs and AWS Direct Connect do not inherently solve the centralized routing and scaling challenges for hundreds of VPCs and VPNs as effectively as Transit Gateway.