AWS Certified Solutions Architect – Professional — Question 753
A company uses AWS Organizations. The company creates a central VPC in an AWS account that is designated for networking in a single AWS Region. The central VPC has an AWS Site-to-Site VPN connection to the company's on-premises network. A solutions architect must create another AWS account that uses the same networking resources that the central VPC uses.
Which solution meets these requirements MOST cost-effectively?
Answer options
- A. Create a VPC in the new AWS account. Create a new Site-to-Site VPN connection for the on-premises connection.
- B. Use AWS Resource Access Manager to share the VPN connection in the central VPC with the new AWS account.
- C. Create a VPC in the new AWS account. Configure a virtual private gateway to connect to the central VPC.
- D. Use AWS Resource Access Manager to share the subnets in the central VPC with the new AWS account.
Correct answer: D
Explanation
Sharing subnets through AWS Resource Access Manager (RAM) lets multiple AWS accounts create application resources, such as EC2 instances, within the same centralized VPC. Resources launched in the shared subnets use the central VPC's existing routing, so they reach the on-premises network over the Site-to-Site VPN connection that is already in place. This VPC sharing model is highly cost-effective because it avoids the overhead of creating new VPCs, VPN connections, or transit gateways, and it simplifies network management. The options that create a new VPC or a separate VPN connection introduce unnecessary infrastructure cost and complexity.