AWS Certified Solutions Architect – Associate (SAA-C02) — Question 474
A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploys Amazon EC2 instances to a private network to process data from the database. The company uses two NAT instances to provide connectivity to DynamoDB.
The company wants to retire the NAT instances. A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management.
What is the MOST cost-effective solution that meets these requirements?
Answer options
- A. Create a gateway VPC endpoint to provide connectivity to DynamoDB.
- B. Configure a managed NAT gateway to provide connectivity to DynamoDB.
- C. Establish an AWS Direct Connect connection between the private network and DynamoDB.
- D. Deploy an AWS PrivateLink endpoint service between the private network and DynamoDB.
Correct answer: A
Explanation
Gateway VPC endpoints provide secure, direct connectivity to Amazon DynamoDB from a private subnet without requiring internet gateways or NAT devices, and they are offered at no additional cost, making them the most cost-effective solution. In contrast, NAT gateways and AWS PrivateLink interface endpoints incur hourly and data processing charges, while AWS Direct Connect is an expensive hybrid networking service intended for on-premises connectivity. A gateway VPC endpoint therefore satisfies both requirements: connectivity to DynamoDB with no ongoing management, at the lowest cost.