AWS Certified Solutions Architect – Professional — Question 709
A company needs to establish a connection from its on-premises data center to AWS. The company needs to connect all of its VPCs that are located in different AWS Regions with transitive routing capabilities between VPC networks. The company also must reduce network outbound traffic costs, increase bandwidth throughput, and provide a consistent network experience for end users.
Which solution will meet these requirements?
Answer options
- A. Create an AWS Site-to-Site VPN connection between the on-premises data center and a new central VPC. Create VPC peering connections that initiate from the central VPC to all other VPCs.
- B. Create an AWS Direct Connect connection between the on-premises data center and AWS. Provision a transit VIF, and connect it to a Direct Connect gateway. Connect the Direct Connect gateway to all the other VPCs by using a transit gateway in each Region.
- C. Create an AWS Site-to-Site VPN connection between the on-premises data center and a new central VPC. Use a transit gateway with dynamic routing. Connect the transit gateway to all other VPCs.
- D. Create an AWS Direct Connect connection between the on-premises data center and AWS. Establish an AWS Site-to-Site VPN connection between all VPCs in each Region. Create VPC peering connections that initiate from the central VPC to all other VPCs.
Correct answer: B
Explanation
AWS Direct Connect satisfies the requirements for reduced outbound data transfer costs, increased bandwidth, and a consistent network experience compared to internet-based VPN connections. By leveraging a transit virtual interface (transit VIF) connected to a Direct Connect gateway, which in turn connects to an AWS Transit Gateway in each Region, the organization can easily establish transitive routing across multiple VPCs in different Regions. Options relying on Site-to-Site VPN do not provide the same level of consistent throughput as Direct Connect, and VPC peering does not support transitive routing.