AWS Certified Solutions Architect – Professional — Question 698
A software company is using three AWS accounts for each of its 10 development teams. The company has developed an AWS CloudFormation standard VPC template that includes three NAT gateways. The template is added to each account for each team. The company is concerned that network costs will increase each time a new development team is added. A solutions architect must maintain the reliability of the company's solutions and minimize operational complexity.
What should the solutions architect do to reduce the network costs while meeting these requirements?
Answer options
- A. Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a transit gateway to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
- B. Create a single VPC with three NAT gateways in a shared services account. Configure each account VPC with a default route through a VPC peering connection to the NAT gateway in the shared services account VPC. Remove all NAT gateways from the standard VPC template.
- C. Remove two NAT gateways from the standard VPC template. Rely on the NAT gateway SLA to cover reliability for the remaining NAT gateway.
- D. Create a single VPC with three NAT gateways in a shared services account. Configure a Site-to-Site VPN connection from each account to the shared services account. Remove all NAT gateways from the standard VPC template.
Correct answer: A
Explanation
Option A is correct because AWS Transit Gateway supports transitive routing, allowing multiple VPCs to share a centralized pool of NAT gateways in a shared services account, which significantly reduces hourly NAT gateway fees while maintaining multi-AZ high availability. Option B is incorrect because VPC peering does not support transitive routing to a NAT gateway in another VPC. Option C compromises reliability by introducing a single point of failure, while Option D adds unnecessary operational complexity and cost through VPN tunnels.
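The route plumbing behind option A, shown as an added CloudFormation example that is not part of the original question. The resource names, the `tgw-PLACEHOLDER` ID and the `10.0.0.0/8` spoke summary are assumptions, and the VPC, subnet, NAT gateway and attachment resources they reference are assumed to be defined elsewhere in the spoke and shared services templates.

```yaml
# --- Spoke VPC (deployed in each development account) ---
# The standard VPC template keeps its private subnets but drops the NAT
# gateways; its default route now points at the Transit Gateway, which the
# shared services account shares with the spoke accounts through AWS RAM.
SpokeTgwAttachment:
  Type: AWS::EC2::TransitGatewayVpcAttachment
  Properties:
    TransitGatewayId: tgw-PLACEHOLDER      # placeholder for the shared TGW
    VpcId: !Ref SpokeVpc
    SubnetIds:
      - !Ref SpokePrivateSubnetA
      - !Ref SpokePrivateSubnetB
      - !Ref SpokePrivateSubnetC

SpokeDefaultRoute:
  Type: AWS::EC2::Route
  DependsOn: SpokeTgwAttachment          # route creation fails before attachment
  Properties:
    RouteTableId: !Ref SpokePrivateRouteTable
    DestinationCidrBlock: 0.0.0.0/0
    TransitGatewayId: tgw-PLACEHOLDER

# --- Shared services (egress) VPC ---
# Each TGW attachment subnet sends 0.0.0.0/0 to the NAT gateway in its own
# AZ, so the three original NAT gateways keep multi-AZ availability while
# being paid for once instead of once per account (one AZ shown).
EgressAttachmentRouteA:
  Type: AWS::EC2::Route
  Properties:
    RouteTableId: !Ref EgressTgwSubnetRouteTableA
    DestinationCidrBlock: 0.0.0.0/0
    NatGatewayId: !Ref NatGatewayA

# Return path: the public subnets hosting the NAT gateways must route the
# spoke address space back through the Transit Gateway.
EgressPublicReturnRoute:
  Type: AWS::EC2::Route
  Properties:
    RouteTableId: !Ref EgressPublicRouteTable
    DestinationCidrBlock: 10.0.0.0/8       # assumed summary of all spoke CIDRs
    TransitGatewayId: tgw-PLACEHOLDER

# --- Transit Gateway route table ---
# A static default route sends every spoke's Internet-bound traffic to the
# egress VPC attachment; spoke CIDRs reach the table by route propagation.
TgwDefaultToEgress:
  Type: AWS::EC2::TransitGatewayRoute
  Properties:
    TransitGatewayRouteTableId: !Ref TgwRouteTable
    DestinationCidrBlock: 0.0.0.0/0
    TransitGatewayAttachmentId: !Ref EgressTgwAttachment
```

Centralizing egress this way also gives the company a single place to apply and monitor outbound traffic controls, which is harder to do consistently across 30 separately templated VPCs.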