AWS Certified Solutions Architect – Professional — Question 773
A company wants to move its three-stage web application to the AWS Cloud. The three stages are development, test, and production. Each stage must use its own dedicated VPC. The company wants to access the stages through IPsec connections from the company's main office location.
Which combination of steps should a solutions architect implement in the network design to meet these requirements? (Choose three.)
Answer options
- A. Create a dedicated networking VPC that includes a virtual private gateway.
- B. Create a transit gateway. Attach all the VPCs to the transit gateway.
- C. Create security groups in each VPC to control access to and from the application resources.
- D. Create a customer gateway. Create a VPN connection. Attach the VPN connection to the transit gateway by specifying the customer gateway.
- E. Create a customer gateway. Create a VPN connection. Attach the VPN connection to the virtual private gateway by specifying the customer gateway.
- F. Create security groups for the transit gateway to control network access to the application resources.
Correct answer: B, C, D
Explanation
AWS Transit Gateway acts as a regional cloud router: each stage VPC is attached to it once (B), and a single Site-to-Site VPN connection from the office's customer gateway terminates on the transit gateway instead of on a per-VPC virtual private gateway (D), so all three stages are reachable over one IPsec tunnel pair. Security groups are stateful filters attached to the network interfaces of the application resources inside each VPC, and that is where access to those resources is controlled (C). A virtual private gateway belongs to exactly one VPC (A and E): a VGW in a separate networking VPC cannot forward traffic into the other three VPCs, because VPC peering is non-transitive and does not support edge-to-edge routing through a VGW, and placing a VGW in every stage VPC would require three separate VPN connections. Security groups cannot be attached to a transit gateway (F), which has no network interfaces of its own; traffic crossing the transit gateway is controlled with transit gateway route tables (and with network ACLs on the attachment subnets), not with security groups.
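The B/C/D design expressed as Terraform for the AWS provider, added here as a worked example; it is not part of the original question or its explanation. The CIDR ranges, region, ASNs and the office public IP (203.0.113.10, from the documentation range) are assumed placeholders, and the security group rule permits only HTTPS from the assumed office range.

```hcl
# Added example (not from the question page): one transit gateway hub, three
# dedicated stage VPCs, one VPN connection terminated on the transit gateway,
# and per-VPC security groups. All addresses and ASNs below are assumed values.

locals {
  stages = {
    dev  = "10.10.0.0/16"
    test = "10.20.0.0/16"
    prod = "10.30.0.0/16"
  }
  office_cidr = "192.168.0.0/16" # assumed on-premises range
}

provider "aws" {
  region = "us-east-1" # assumed
}

# B: one transit gateway as the hub for all stage VPCs
resource "aws_ec2_transit_gateway" "hub" {
  description     = "dev/test/prod hub"
  amazon_side_asn = 64512
}

# One dedicated VPC per stage, each with a subnet for the TGW attachment ENIs
resource "aws_vpc" "stage" {
  for_each   = local.stages
  cidr_block = each.value
  tags       = { Name = "${each.key}-vpc" }
}

resource "aws_subnet" "tgw" {
  for_each   = local.stages
  vpc_id     = aws_vpc.stage[each.key].id
  cidr_block = cidrsubnet(each.value, 8, 0) # first /24 of the VPC
}

resource "aws_ec2_transit_gateway_vpc_attachment" "stage" {
  for_each           = local.stages
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = aws_vpc.stage[each.key].id
  subnet_ids         = [aws_subnet.tgw[each.key].id]
}

# Each VPC sends office-bound traffic to the transit gateway
resource "aws_route" "to_office" {
  for_each               = local.stages
  route_table_id         = aws_vpc.stage[each.key].main_route_table_id
  destination_cidr_block = local.office_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
}

# D: customer gateway plus a Site-to-Site VPN attached to the TGW, not to a VGW
resource "aws_customer_gateway" "office" {
  bgp_asn    = 65000
  ip_address = "203.0.113.10" # assumed office public IP (documentation range)
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "office" {
  customer_gateway_id = aws_customer_gateway.office.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
  static_routes_only  = false # BGP: office prefixes propagate into the TGW route table
}

# C: security groups live in each VPC on the application resources.
# F is not possible: a transit gateway has no ENI to attach a security group to.
resource "aws_security_group" "app" {
  for_each = local.stages
  name     = "${each.key}-app"
  vpc_id   = aws_vpc.stage[each.key].id

  ingress {
    description = "HTTPS from the main office only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.office_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

With the transit gateway's default route table, every attachment is associated with and propagates into the same table, so the three stages can also reach each other, not only the office. That satisfies the question as asked, but in practice production is usually put in its own transit gateway route table so that dev and test can reach the office without being routable to prod.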