AWS Certified Solutions Architect – Professional — Question 414
You are designing the network infrastructure for an application server in Amazon VPC. Users will access all application instances from the Internet, as well as from an on-premises network. The on-premises network is connected to your VPC over an AWS Direct Connect link.
How would you design routing to meet the above requirements?
Answer options
- A. Configure a single routing table with a default route via the Internet gateway. Propagate a default route via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
- B. Configure a single routing table with a default route via the Internet gateway. Propagate specific routes for the on-premises networks via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
- C. Configure a single routing table with two default routes: one to the Internet via an Internet gateway, the other to the on-premises network via the VPN gateway. Use this routing table across all subnets in the VPC.
- D. Configure two routing tables: one that has a default route via the Internet gateway, and another that has a default route via the VPN gateway. Associate both routing tables with each VPC subnet.
Correct answer: B
Explanation
Option B is correct because propagating specific on-premises routes via BGP allows the VPC route table to forward on-premises traffic to the Direct Connect link, while internet-bound traffic goes through the default route (0.0.0.0/0) via the Internet gateway. Option A is incorrect because having two conflicting default routes (one via the Internet gateway and one propagated via BGP) would cause routing conflicts. Options C and D are invalid because a route table cannot have multiple conflicting default routes, and a VPC subnet can only be associated with a single route table at any given time.