AWS Certified Solutions Architect – Professional — Question 669
A solutions architect is designing a solution to connect a company's on-premises network with all the company's current and future VPCs on AWS. The company is running VPCs in five different AWS Regions and has at least 15 VPCs in each Region.
The company's AWS usage is constantly increasing and will continue to grow. Additionally, all the VPCs throughout all five Regions must be able to communicate with each other.
The solution must maximize scalability and ease of management.
Which solution meets these requirements?
Answer options
- A. Set up a transit gateway in each Region. Establish a redundant AWS Site-to-Site VPN connection between the on-premises firewalls and the transit gateway in the Region that is closest to the on-premises network. Peer all the transit gateways with each other. Connect all the VPCs to the transit gateway in their Region.
- B. Create an AWS CloudFormation template for a redundant AWS Site-to-Site VPN tunnel to the on-premises network. Deploy the CloudFormation template for each VPC. Set up VPC peering between all the VPCs for VPC-to-VPC communication.
- C. Set up a transit gateway in each Region. Establish a redundant AWS Site-to-Site VPN connection between the on-premises firewalls and each transit gateway. Route traffic between the different Regions through the company's on-premises firewalls. Connect all the VPCs to the transit gateway in their Region.
- D. Create an AWS CloudFormation template for a redundant AWS Site-to-Site VPN tunnel to the on-premises network. Deploy the CloudFormation template for each VPC. Route traffic between the different Regions through the company's on-premises firewalls.
Correct answer: A
Explanation
Option A is the most scalable and manageable solution because AWS Transit Gateway acts as a cloud router, simplifying the network topology by connecting multiple VPCs to a single gateway per Region and peering them together. Creating separate VPN connections for dozens of individual VPCs (as proposed in B and D) introduces significant administrative overhead and does not scale. Routing inter-Region traffic through on-premises firewalls (as proposed in C and D) creates unnecessary network latency and turns the on-premises network into a performance bottleneck.