AWS Certified Solutions Architect – Professional (SAP-C02) — Question 126
A software company hosts an application on AWS with resources in multiple AWS accounts and Regions. The application runs on a group of Amazon EC2 instances in an application VPC located in the us-east-1 Region with an IPv4 CIDR block of 10.10.0.0/16. In a different AWS account, a shared services VPC is located in the us-east-2 Region with an IPv4 CIDR block of 10.10.10.0/24. When a cloud engineer uses AWS CloudFormation to attempt to peer the application VPC with the shared services VPC, an error message indicates a peering failure.
Which factors could cause this error? (Choose two.)
Answer options
- A. The IPv4 CIDR ranges of the two VPCs overlap
- B. The VPCs are not in the same Region
- C. One or both accounts do not have access to an Internet gateway
- D. One of the VPCs was not shared through AWS Resource Access Manager
- E. The IAM role in the peer accepter account does not have the correct permissions
Correct answer: A, E
Explanation
The correct answer is A because overlapping IPv4 CIDR blocks prevent a VPC peering connection from being established; here 10.10.10.0/24 lies entirely inside 10.10.0.0/16. E is also correct: in a cross-account peering, the IAM role that CloudFormation uses in the accepter account must have the permissions needed to accept the peering connection, or the request fails. Options B, C, and D are incorrect. Inter-Region VPC peering is supported, so the VPCs being in different Regions does not by itself prevent peering when the proper configuration and permissions are in place; VPC peering traffic does not traverse an Internet gateway, so no Internet gateway is required; and VPC peering does not depend on sharing a VPC through AWS Resource Access Manager.
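The overlap condition behind answer A can be checked before touching CloudFormation. The following is an added example, not part of the exam material or any AWS tooling; it uses only Python's standard `ipaddress` module and generalises the question's single-CIDR case to VPCs with several IPv4 CIDR blocks (a primary plus secondary blocks), since any overlapping pair blocks the peering. The CIDRs in the `__main__` section are the two from the question plus one constructed non-overlapping alternative.

```python
import ipaddress


def peering_cidr_conflicts(requester_cidrs, accepter_cidrs):
    """Return every (requester, accepter) CIDR pair that overlaps.

    VPC peering requires that no IPv4 CIDR block of one VPC overlaps any
    IPv4 CIDR block of the other, primary or secondary. A non-empty result
    therefore means the peering request will fail regardless of which
    Regions or accounts the VPCs live in.
    """
    conflicts = []
    for a in requester_cidrs:
        net_a = ipaddress.ip_network(a, strict=True)  # rejects host bits set
        for b in accepter_cidrs:
            net_b = ipaddress.ip_network(b, strict=True)
            # Only compare blocks of the same IP version; v4/v6 never overlap.
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                conflicts.append((a, b))
    return conflicts


def can_peer(requester_cidrs, accepter_cidrs):
    """True when no CIDR block of either VPC overlaps the other's."""
    return not peering_cidr_conflicts(requester_cidrs, accepter_cidrs)


if __name__ == "__main__":
    # CIDRs from the question: application VPC (us-east-1) and
    # shared services VPC (us-east-2, different account).
    app_vpc = ["10.10.0.0/16"]
    shared_vpc = ["10.10.10.0/24"]
    for pair in peering_cidr_conflicts(app_vpc, shared_vpc):
        print("overlap, peering will fail:", pair)

    # Constructed alternative: a shared services CIDR outside 10.10.0.0/16
    # clears the CIDR check, leaving only permissions to get right.
    print("can peer with 10.20.0.0/24:", can_peer(app_vpc, ["10.20.0.0/24"]))
```

Run the check against every CIDR block of both VPCs (including secondary blocks added after the VPC was created), because the primary blocks can be disjoint while a secondary block still collides.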