AWS Certified Solutions Architect – Associate (SAA-C03) — Question 767
A company collects and processes data from a vendor. The vendor stores its data in an Amazon RDS for MySQL database in the vendor's own AWS account. The company’s VPC does not have an internet gateway, an AWS Direct Connect connection, or an AWS Site-to-Site VPN connection. The company needs to access the data that is in the vendor database.
Which solution will meet this requirement?
Answer options
- A. Instruct the vendor to sign up for the AWS Hosted Connection Direct Connect Program. Use VPC peering to connect the company's VPC and the vendor's VPC.
- B. Configure a client VPN connection between the company's VPC and the vendor's VPC. Use VPC peering to connect the company's VPC and the vendor's VPC.
- C. Instruct the vendor to create a Network Load Balancer (NLB). Place the NLB in front of the Amazon RDS for MySQL database. Use AWS PrivateLink to integrate the company's VPC and the vendor's VPC.
- D. Use AWS Transit Gateway to integrate the company's VPC and the vendor's VPC. Use VPC peering to connect the company’s VPC and the vendor's VPC.
Correct answer: C
Explanation
AWS PrivateLink provides private connectivity between VPCs and services without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. By placing a Network Load Balancer (NLB) in front of the Amazon RDS for MySQL database, the vendor can expose the database as an endpoint service, which the company then reaches privately through an interface VPC endpoint in its own VPC. The other options, which rely on VPC peering or VPN connections, are not viable or secure given the total lack of external connectivity in the company's VPC.