AWS Certified Solutions Architect – Professional — Question 485
A software company hosts an application on AWS with resources in multiple AWS accounts and Regions. The application runs on a group of Amazon EC2 instances in an application VPC located in the us-east-1 Region with an IPv4 CIDR block of 10.10.0.0/16. In a different AWS account, a shared services VPC is located in the us-east-2 Region with an IPv4 CIDR block of 10.10.10.0/24. When a cloud engineer uses AWS CloudFormation to attempt to peer the application VPC with the shared services VPC, an error message indicates a peering failure.
Which factors could cause this error? (Choose two.)
Answer options
- A. The IPv4 CIDR ranges of the two VPCs overlap
- B. The VPCs are not in the same Region
- C. One or both accounts do not have access to an Internet gateway
- D. One of the VPCs was not shared through AWS Resource Access Manager
- E. The IAM role in the peer accepter account does not have the correct permissions
Correct answer: A, E
Explanation
VPC peering cannot be established if the VPCs' IPv4 CIDR blocks overlap, and because 10.10.10.0/24 lies entirely within 10.10.0.0/16, these two CIDRs do overlap. Additionally, for cross-account VPC peering, the IAM role in the accepter account must have the permissions needed to accept the peering connection request. Inter-Region peering is fully supported, and neither Internet gateways nor AWS Resource Access Manager are required for VPC peering.