AWS Certified Solutions Architect – Associate (SAA-C03) — Question 366
A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.
A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.
Which solution meets these requirements?
Answer options
- A. Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.
- B. Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.
- C. Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.
- D. Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.
Correct answer: D
Explanation
AWS Direct Connect is required to handle the large, latency-sensitive daily data transfers of hundreds of gigabytes, which makes the VPN-based options (A and B) unsuitable. A single Direct Connect connection combined with an AWS Transit Gateway (D) is highly cost-effective and simpler to manage than three separate Direct Connect connections (C). This architecture provides both inter-VPC routing through the transit gateway and high-throughput hybrid connectivity to the on-premises data center.