AWS Certified Solutions Architect – Associate (SAA-C03) — Question 647

A company is creating an application. The company stores data from tests of the application in multiple on-premises locations.

The company needs to connect the on-premises locations to VPCs in an AWS Region in the AWS Cloud. The number of accounts and VPCs will increase during the next year. The network architecture must simplify the administration of new connections and must provide the ability to scale.

Which solution will meet these requirements with the LEAST administrative overhead?

Answer options

• A. Create a peering connection between the VPCs. Create a VPN connection between the VPCs and the on-premises locations.
• B. Launch an Amazon EC2 instance. On the instance, include VPN software that uses a VPN connection to connect all VPCs and on-premises locations.
• C. Create a transit gateway. Create VPC attachments for the VPC connections. Create VPN attachments for the on-premises connections.
• D. Create an AWS Direct Connect connection between the on-premises locations and a central VPC. Connect the central VPC to other VPCs by using peering connections.

Correct answer: C

Explanation

AWS Transit Gateway acts as a highly scalable, centralized cloud router that simplifies network architecture by connecting multiple VPCs and on-premises networks through a single hub, minimizing administrative effort. In contrast, mesh VPC peering (Option A and D) does not scale easily due to transitive routing limitations and a high number of point-to-point connections. Option B introduces high operational overhead and a single point of failure by requiring the manual management of VPN software on an EC2 instance.