AWS Certified Solutions Architect – Professional — Question 1012
A company has set up a multi-account AWS environment by using AWS Control Tower. Each AWS account that AWS Control Tower creates has its own VPC.
The company is developing an application that will integrate with many microservices. The company has designated a specific account to host the application. The company will deploy the microservices on Amazon EC2 instances and will implement the microservices across multiple AWS accounts.
The microservices require a high degree of interconnectivity. The company needs a solution that will give the application the ability to communicate privately with the microservices. The solution also must minimize cost and operational overhead.
Which solution will meet these requirements?
Answer options
- A. Use AWS VPN CloudHub to connect the application VPC to all the other VPCs. Use a virtual private gateway to provide traffic flow between all the VPCs.
- B. Create VPC peering connections between the application VPC and all the other VPCs. Update the security groups and route tables to allow traffic flow between all the VPCs.
- C. Create a transit gateway in the application account. Attach the application VPC and all the other VPCs to the transit gateway. Create a transit gateway route table to direct traffic between the VPCs.
- D. Share the application VPC with the other AWS accounts by using AWS Resource Access Manager (AWS RAM). Deploy the microservices in the shared VPC.
Correct answer: C
Explanation
AWS Transit Gateway serves as a centralized hub that simplifies network routing and minimizes operational overhead when interconnecting numerous VPCs across multiple AWS accounts. VPC peering could connect the VPCs, but peering is not transitive, so the highly interconnected microservices would need a mesh of peering connections, and managing that mesh at scale introduces high operational complexity. AWS VPN CloudHub is unnecessary and adds overhead for internal AWS-to-AWS traffic. Sharing a single VPC via AWS RAM does not align with the existing multi-account VPC structure established by AWS Control Tower.