Isolating VPCs in AWS: Network Segmentation Solution

Network Segmentation for VPC Isolation


Question

A large telecom company has created fifteen VPCs in different regions for deploying its IT servers.

A VPC is created for each department, such as Accounts, Finance, Sales, Pre-Sales and HR.

A Central VPC is created which hosts servers accessed from all other VPCs.

There is an additional requirement that servers in the Accounts VPC communicate with servers in the Finance VPC.

The IT Head wants you to ensure proper isolation between the VPCs; no additional reachability, including to the internet, should be established.

Which of the following solutions will meet this requirement?

Explanations

Correct Answer - A.

A partial mesh configuration of VPC peering can be used to connect each VPC with the Central VPC, so that all VPCs can reach the servers in the Central VPC.

With a partial mesh configuration, there is no communication between the other VPCs, because VPC peering is not transitive: a peering connection only carries traffic between the two VPCs it joins.

Since there is an additional connectivity requirement between the Finance and Accounts VPCs, an additional peering connection can be established between these two VPCs. Options B and C are incorrect, as creating a full mesh configuration between all VPCs will allow communication between all VPCs. Option D is incorrect, as a VPN connection would traverse the internet, which is against the requirement.
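The hub-and-spoke design above, modelled as an added example (not from the question bank): it builds the peering set for option A, contrasts it with a full mesh, and audits a design for peerings outside the allow-list or internet gateways. VPC names and the `internet_gateways` input are constructed; peering is treated as non-transitive, as it is in AWS.

```python
"""Model the partial-mesh (hub-and-spoke) VPC peering design and audit it for
unintended reachability. VPC peering is not transitive, so a VPC reaches
another VPC only over a direct peering connection."""
from itertools import combinations

# Constructed example: five department VPCs plus the Central hub.
DEPARTMENTS = ["Accounts", "Finance", "Sales", "Pre-Sales", "HR"]
HUB = "Central"
# The only connectivity the requirement allows: every spoke to the hub,
# plus the explicitly requested Accounts <-> Finance link.
ALLOWED_PAIRS = [(HUB, d) for d in DEPARTMENTS] + [("Accounts", "Finance")]


def partial_mesh_plan(departments=DEPARTMENTS, hub=HUB,
                      extra_pairs=(("Accounts", "Finance"),)):
    """Option A: each department peers with the hub, plus the extra pairs."""
    plan = {frozenset((hub, d)) for d in departments}
    plan |= {frozenset(p) for p in extra_pairs}
    return plan


def full_mesh_plan(departments=DEPARTMENTS, hub=HUB):
    """Every VPC peers with every other VPC (the rejected full-mesh option)."""
    return {frozenset(p) for p in combinations([hub, *departments], 2)}


def reachable(peerings, src, dst):
    """Direct peering only: no path search, because peering is non-transitive."""
    return frozenset((src, dst)) in peerings


def audit(peerings, allowed_pairs=ALLOWED_PAIRS, internet_gateways=()):
    """Return findings for every peering not on the allow-list and every VPC
    with an internet gateway; an empty list means the design is isolated."""
    allowed = {frozenset(p) for p in allowed_pairs}
    findings = ["unexpected peering " + " <-> ".join(sorted(p))
                for p in sorted(peerings, key=sorted) if p not in allowed]
    findings += ["internet gateway attached to " + v for v in internet_gateways]
    return findings


if __name__ == "__main__":
    plan = partial_mesh_plan()
    for a, b in [("Accounts", "Finance"), ("Sales", "HR"), ("HR", "Central")]:
        print(f"{a} -> {b}: {'reachable' if reachable(plan, a, b) else 'isolated'}")
    print("partial mesh findings:", audit(plan))
    print("full mesh findings:", audit(full_mesh_plan(), internet_gateways=["Sales"]))
```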

For more information on VPC Peering options, refer to the following URLs.

https://aws.amazon.com/answers/networking/aws-multiple-region-multi-vpc-connectivity/

https://aws.amazon.com/answers/networking/aws-single-region-multi-vpc-connectivity/

The requirement is to allow communication between the servers in the Accounts VPC and the Finance VPC while maintaining proper isolation between the VPCs without additional reachability.

A. Create a Partial Mesh configuration on VPC Peering between Central VPC & all other VPCs. Create an additional VPC Peering between Accounts & Finance VPC for communication between them.

This option proposes to create a Partial Mesh configuration on VPC Peering between Central VPC and all other VPCs, which means that each VPC will have a VPC Peering connection with every other VPC except itself. Additionally, it suggests creating an additional VPC Peering connection between the Accounts and Finance VPCs for communication between them. This option meets the requirement by allowing communication between the Accounts and Finance VPCs while maintaining isolation between the VPCs without additional reachability.

B. Create a Full Mesh configuration on VPC Peering between all VPCs.

This option proposes to create a Full Mesh configuration on VPC Peering between all VPCs, which means that each VPC will have a VPC Peering connection with every other VPC, including itself. This option does not meet the requirement since it allows additional reachability, which violates the requirement for proper isolation.

C. Create a Partial Mesh configuration on VPC Peering between Central, Finance & Accounts VPCs.

This option proposes to create a Partial Mesh configuration on VPC Peering between Central, Finance, and Accounts VPCs, which means that each VPC will have a VPC Peering connection with Central VPC and other VPCs except itself. This option meets the requirement by allowing communication between the Accounts and Finance VPCs while maintaining isolation between the VPCs without additional reachability.

D. Create a full VPC peering between Central VPC & all other VPCs.

This option proposes to create a Full Mesh configuration on VPC Peering between Central VPC and all other VPCs, which means that each VPC will have a VPC Peering connection with every other VPC, including itself. This option does not meet the requirement since it allows additional reachability, which violates the requirement for proper isolation.

E. Create a VPN Connection between instances in Accounts & Finance VPC.

This option proposes to create a VPN connection between instances in the Accounts and Finance VPCs. This option meets the requirement by allowing communication between the Accounts and Finance VPCs while maintaining isolation between the VPCs without additional reachability.

F. Create a partial VPC peering between Central VPC & all other VPCs.

This option proposes to create a Partial Mesh configuration on VPC Peering between Central VPC and all other VPCs, which means that each VPC will have a VPC Peering connection with Central VPC and other VPCs except itself. This option is similar to option A and meets the requirement by allowing communication between the Accounts and Finance VPCs while maintaining isolation between the VPCs without additional reachability.

In conclusion, options A, C, E, and F are valid solutions to meet the requirement. Among them, option A and option C suggest creating a Partial Mesh configuration on VPC Peering between Central VPC and other VPCs, which is a more scalable and manageable solution than creating individual VPN connections between VPCs.