AWS Certified Solutions Architect – Associate (SAA-C03) — Question 693
A company has an AWS Direct Connect connection from its corporate data center to its VPC in the us-east-1 Region. The company recently acquired a corporation that has several VPCs and a Direct Connect connection between its on-premises data center and the eu-west-2 Region. The CIDR blocks for the VPCs of the company and the corporation do not overlap. The company requires connectivity between the two Regions and the data centers. The company needs a solution that is scalable while reducing operational overhead.
What should a solutions architect do to meet these requirements?
Answer options
- A. Set up inter-Region VPC peering between the VPC in us-east-1 and the VPCs in eu-west-2.
- B. Create private virtual interfaces from the Direct Connect connection in us-east-1 to the VPCs in eu-west-2.
- C. Establish VPN appliances in a fully meshed VPN network hosted by Amazon EC2. Use AWS VPN CloudHub to send and receive data between the data centers and each VPC.
- D. Connect the existing Direct Connect connection to a Direct Connect gateway. Route traffic from the virtual private gateways of the VPCs in each Region to the Direct Connect gateway.
Correct answer: D
Explanation
A Direct Connect gateway allows on-premises data centers to connect to VPCs across multiple AWS Regions over Direct Connect connections, providing a highly scalable and low-overhead architecture. Option D is correct because associating the Direct Connect connections and virtual private gateways (VGWs) with a Direct Connect gateway enables any-to-any communication between the Regions and data centers. Options A, B, and C either do not fully solve the multi-Region data center connectivity requirement or introduce substantial operational overhead and complexity.