AWS Certified Solutions Architect – Associate (SAA-C02) — Question 557
A company wants to establish connectivity between its on-premises data center and AWS for an existing workload. The workload runs on Amazon EC2 instances in two VPCs in different AWS Regions. The VPCs need to communicate with each other. The company needs to provide connectivity from its data center to both VPCs. The solution must support a bandwidth of 600 Mbps to the data center.
Which solution will meet these requirements?
Answer options
- A. Set up an AWS Site-to-Site VPN connection between the data center and one VPC. Create a VPC peering connection between the VPCs.
- B. Set up an AWS Site-to-Site VPN connection between the data center and each VPC. Create a VPC peering connection between the VPCs.
- C. Set up an AWS Direct Connect connection between the data center and one VPC. Create a VPC peering connection between the VPCs.
- D. Create a transit gateway. Attach both VPCs to the transit gateway. Create an AWS Site-to-Site VPN tunnel to the transit gateway.
Correct answer: D
Explanation
AWS Transit Gateway simplifies network routing by acting as a central hub that supports inter-region VPC peering and transit routing. This allows the on-premises data center to connect to multiple VPCs via a single AWS Site-to-Site VPN, which natively supports up to 1.25 Gbps of bandwidth, easily meeting the 600 Mbps requirement. Other options relying on VPC peering to route traffic from the data center to a peered VPC fail because VPC peering does not support transitive routing.