AWS Certified Solutions Architect – Professional (SAP-C02) — Question 432
A software as a service (SaaS) company provides a media software solution to customers. The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts. One of the VPCs is designated as a management VPC. The compute resources in the VPCs work independently.
The company has developed a new feature that requires all 50 VPCs to be able to communicate with each other. The new feature also requires one-way access from each customer's VPC to the company's management VPC. The management VPC hosts a compute resource that validates licenses for the media software solution.
The number of VPCs that the company will use to host the solution will continue to increase as the solution grows.
Which combination of steps will provide the required VPC connectivity with the LEAST operational overhead? (Choose two.)
Answer options
- A. Create a transit gateway. Attach all the company's VPCs and relevant subnets to the transit gateway.
- B. Create VPC peering connections between all the company's VPCs.
- C. Create a Network Load Balancer (NLB) that points to the compute resource for license validation. Create an AWS PrivateLink endpoint service that is available to each customer's VPC. Associate the endpoint service with the NLB.
- D. Create a VPN appliance in each customer's VPC. Connect the company's management VPC to each customer's VPC by using AWS Site-to-Site VPN.
- E. Create a VPC peering connection between the company's management VPC and each customer's VPC.
Correct answer: A, C
Explanation
AWS Transit Gateway is the most scalable way to connect 50 or more VPCs in a full-mesh topology with minimal administrative overhead: each VPC needs only one attachment and a route to the transit gateway, which avoids the per-pair route table management that VPC peering requires and accommodates new VPCs as the solution grows. For the one-way license validation requirement, AWS PrivateLink with a Network Load Balancer (NLB) lets customer VPCs reach the service in the management VPC through interface endpoints; connections can only be initiated from the customer (consumer) side, so the management VPC's network is not exposed and no additional routing is needed. The other options, full-mesh VPC peering (B, E) and Site-to-Site VPNs with an appliance in every customer VPC (D), add significant operational complexity and do not scale easily.