AWS Certified Solutions Architect – Associate (SAA-C03) — Question 237
An application running on an Amazon EC2 instance in VPC-A needs to access files on another EC2 instance in VPC-B. The two VPCs are in separate AWS accounts. The network administrator needs to design a solution that provides secure access to the EC2 instance in VPC-B from VPC-A. The connectivity should not have a single point of failure or bandwidth concerns.
Which solution will meet these requirements?
Answer options
- A. Set up a VPC peering connection between VPC-A and VPC-B.
- B. Set up VPC gateway endpoints for the EC2 instance running in VPC-B.
- C. Attach a virtual private gateway to VPC-B and set up routing from VPC-A.
- D. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A.
Correct answer: A
Explanation
The correct answer is A: a VPC peering connection allows direct communication between instances in different VPCs without a single point of failure, addressing both the security and the bandwidth concerns. Option B is incorrect because VPC gateway endpoints do not facilitate traffic between VPCs. Option C is not suitable because a virtual private gateway is primarily used for VPN connections, not for direct VPC-to-VPC communication. Option D proposes a private virtual interface, which does not provide the direct VPC connectivity required in this scenario.