AWS Certified Solutions Architect – Associate (SAA-C02) — Question 800
A company needs to connect its on-premises data center network to a new VPC. The data center network has a 100 Mbps symmetrical internet connection. An application that is running on premises will transfer multiple gigabytes of data each day. The application will use an Amazon Kinesis Data Firehose delivery stream for processing.
What should a solutions architect recommend for maximum performance?
Answer options
- A. Create a VPC peering connection between the on-premises network and the VPC. Configure routing for the on-premises network to use the VPC peering connection.
- B. Procure an AWS Snowball Edge Storage Optimized device. After several days' worth of data has accumulated, copy the data to the device and ship the device to AWS for expedited transfer to Kinesis Data Firehose. Repeat as needed.
- C. Create an AWS Site-to-Site VPN connection between the on-premises network and the VPC. Configure BGP routing between the customer gateway and the virtual private gateway. Use the VPN connection to send the data from on premises to Kinesis Data Firehose.
- D. Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in the VPC. Set up a 1 Gbps AWS Direct Connect connection between the on-premises network and AWS. Use the PrivateLink endpoint to send the data from on premises to Kinesis Data Firehose.
Correct answer: D
Explanation
A 1 Gbps AWS Direct Connect connection provides a dedicated, high-speed physical link that bypasses the public internet and removes the 100 Mbps bottleneck of the local internet connection. AWS PrivateLink then allows secure, private access to Kinesis Data Firehose through the interface VPC endpoint. VPC peering connects VPCs to each other and does not support on-premises connections. A Site-to-Site VPN would be bottlenecked by the slow 100 Mbps internet link, because the VPN tunnel runs over that link. AWS Snowball Edge is designed for batch migrations and is not suitable for continuous daily streaming data ingestion.