Amazon AWS Exam: ANS-C01 - Networking Specialty

AWS VPC Document Server Access Control


Question

Your company has just set up a new document server on its AWS VPC, and it has four very important clients that it wants to give access to.

These clients also have VPCs on AWS and it is through these VPCs that they will be given accessibility to the document server.

In addition, each of the clients should not have access to any of the other clients' VPCs.

Choose the correct answer from the options below.

Answers

Explanations


A. B. C. D. E.

Answer - A.

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.

Instances in either VPC can communicate with each other as if they are within the same network.

You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.

There is no need to set up VPC peering between the client VPCs themselves, because the question clearly requires that the clients not reach each other; hence option C is wrong.

There is no need to block IPs; hence option B is wrong.

VPC peering has the basic requirement that the CIDRs of the two VPCs must not overlap; hence option D is wrong.

For more information on VPC Peering please see the below link:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
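The reasoning above rests on a property of VPC peering that the explanation leaves implicit: a peering connection is not transitive, so peering the document-server VPC with each client VPC does not, by itself, give any client a path to another client. The following is an added example, not part of the original question or any AWS documentation; it is a small offline model of how a VPC route table and a peering connection forward traffic, with constructed sample CIDRs (10.0.0.0/16 for the hub, 10.1.0.0/16 to 10.4.0.0/16 for the four clients). The assumed AWS behaviour it encodes is that a peering connection only delivers packets whose destination lies inside the peer VPC's own CIDR and never forwards them onward over a second peering, and that two peered VPCs must have non-overlapping CIDRs.

```python
import ipaddress

# Constructed sample CIDRs for the model (assumption; not from the question).
HUB_CIDR = "10.0.0.0/16"
CLIENT_CIDRS = {
    "client-a": "10.1.0.0/16",
    "client-b": "10.2.0.0/16",
    "client-c": "10.3.0.0/16",
    "client-d": "10.4.0.0/16",
}


def overlapping_pairs(cidrs):
    """Return every pair of names whose CIDRs overlap (peering requires none)."""
    nets = {name: ipaddress.ip_network(c) for name, c in cidrs.items()}
    names = list(nets)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                pairs.append((a, b))
    return pairs


class Vpc:
    """A VPC with one route table: a list of (destination network, target)."""

    def __init__(self, name, cidr):
        self.name = name
        self.cidr = ipaddress.ip_network(cidr)
        self.routes = []

    def add_route(self, dest, target):
        self.routes.append((ipaddress.ip_network(dest), target))

    def lookup(self, dst_ip):
        """Longest-prefix match; 'local' for the VPC's own CIDR, None if no route."""
        ip = ipaddress.ip_address(dst_ip)
        if ip in self.cidr:
            return "local"
        matches = [(net, target) for net, target in self.routes if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def peer(vpc_a, vpc_b, pcx_id):
    """Peer two VPCs: each side gets a route to the other's CIDR via the pcx."""
    vpc_a.add_route(vpc_b.cidr, pcx_id)
    vpc_b.add_route(vpc_a.cidr, pcx_id)
    return {pcx_id: (vpc_a.name, vpc_b.name)}


def deliver(src_vpc, dst_ip, vpcs, peerings):
    """Return the name of the VPC that receives the packet, or None if dropped."""
    target = src_vpc.lookup(dst_ip)
    if target == "local":
        return src_vpc.name
    if target is None:
        return None  # no route: the packet never leaves the source VPC
    end_a, end_b = peerings[target]
    peer_vpc = vpcs[end_b if end_a == src_vpc.name else end_a]
    # Assumed AWS behaviour: a peering delivers only into the peer VPC's own
    # CIDR and is never used to forward onward over another peering.
    if ipaddress.ip_address(dst_ip) in peer_vpc.cidr:
        return peer_vpc.name
    return None


def build_topology():
    """Hub-and-spoke: the document-server VPC peered with each client VPC."""
    vpcs = {"hub": Vpc("hub", HUB_CIDR)}
    for name, cidr in CLIENT_CIDRS.items():
        vpcs[name] = Vpc(name, cidr)
    peerings = {}
    for name in CLIENT_CIDRS:
        # pcx ids are constructed placeholders, not real AWS identifiers.
        peerings.update(peer(vpcs["hub"], vpcs[name], f"pcx-{name}"))
    return vpcs, peerings


if __name__ == "__main__":
    all_cidrs = dict(CLIENT_CIDRS, hub=HUB_CIDR)
    print("overlapping CIDRs:", overlapping_pairs(all_cidrs))
    vpcs, peerings = build_topology()
    print("client-a -> hub:", deliver(vpcs["client-a"], "10.0.0.10", vpcs, peerings))
    print("client-a -> client-b:", deliver(vpcs["client-a"], "10.2.0.10", vpcs, peerings))
    # Even a route in client-a pointing at client-b's CIDR via its hub peering
    # does not help: the hub peering only delivers into the hub's CIDR.
    vpcs["client-a"].add_route("10.2.0.0/16", "pcx-client-a")
    print("client-a -> client-b (with stray route):",
          deliver(vpcs["client-a"], "10.2.0.10", vpcs, peerings))
```

Running the script shows that every client reaches the hub, that no client reaches another client because its route table holds no route to the other client's CIDR, and that adding such a route still drops the packet because the hub peering does not forward between peerings. The `overlapping_pairs` check is the one to run before requesting any peering, since overlapping CIDRs cannot be peered at all.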

The correct answer for this scenario is option B: Set up VPC peering between your company's VPC and each of the clients' VPCs, but block the IPs from CIDR of the clients' VPCs to deny them access to each other.

Explanation: To give the four important clients access to the new document server on your company's AWS VPC, VPC peering can be set up between your company's VPC and each of the clients' VPCs. VPC peering is a connection between two VPCs that enables the instances in each VPC to communicate with each other as if they are on the same network.

However, to ensure that each of the clients does not have access to the other clients' VPCs, the IP addresses of the clients' VPCs should be blocked using CIDR (Classless Inter-Domain Routing) blocks. CIDR is a method of allocating IP addresses and routing Internet Protocol packets, and it allows for the creation of smaller subnets within a larger network.

By blocking the IPs from CIDR of the clients' VPCs, you can deny them access to each other's VPCs, while still allowing them to access the document server on your company's VPC. This ensures that each of the clients' VPCs remains isolated and secure.

Option A, which is setting up VPC peering between your company's VPC and each of the clients' VPCs without blocking the IPs, could result in security breaches as each of the clients would have access to each other's VPCs.

Option C, which is setting up VPC peering between your company's VPC and each of the clients' VPCs without blocking the IPs, could result in security breaches as each of the clients would have access to each other's VPCs.

Option D, which is setting up VPC peering between each of the clients' VPCs to speed up access time, is not necessary in this scenario as the main goal is to give the clients access to your company's VPC.

Option E, which is setting up all the VPCs with the same CIDR and having your company's VPC as a centralized VPC, is not advisable as it could result in IP conflicts and difficulty in managing the network.