AWS Certified Advanced Networking - Specialty: Design for High Bandwidth, Low Jitter, and High Availability for On-Premises Application Access to S3

Design Considerations for On-Premises Application Access to AWS S3


Question

You have an on-premises application that needs access to the Simple Storage Service.

Some of the key requirements are high bandwidth for the connection, low jitter and high availability.

Which of the following options would you consider in the design?

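Answers

A. Use the public internet to access the S3 service.

B. Use AWS Direct Connect with a private VIF.

C. Use AWS Direct Connect with a public VIF.

D. Use an IPSec VPN connection to a Virtual Private gateway.

Explanations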

Answer - C.

The AWS Documentation mentions the following.

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.

Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

Options A and D are invalid because they would not be ideal solutions for low jitter.

Option B is invalid because you need a public VIF for accessing public services such as S3.

For more information on AWS Direct Connect, please visit the below URL:

https://aws.amazon.com/directconnect/

In this scenario, the requirement is to provide an on-premises application with access to Amazon Simple Storage Service (S3) with high bandwidth, low jitter, and high availability. To achieve this, we need to consider different options and choose the best solution.

Option A: Use the public internet to access the S3 service. This option is not recommended as the public internet is an unreliable medium, and its performance can be unpredictable. It can lead to high latency, packet loss, and network congestion, which could result in poor application performance. Also, the public internet does not provide any security or isolation between the on-premises network and the S3 service, which can pose a security risk.

Option B: Use AWS Direct Connect with a private VIF. AWS Direct Connect is a dedicated network connection between an on-premises network and AWS. It provides a private, high-bandwidth, low-latency, and reliable connection to AWS services. Using Direct Connect, we can create a private Virtual Interface (VIF) to S3, which will ensure a secure, predictable, and consistent connection. As the VIF is private, it is isolated from the public internet and other AWS customers, providing additional security. This option is recommended.

Option C: Use AWS Direct Connect with a public VIF. This option is not recommended as it provides a direct connection to S3 over the public internet, which does not meet the requirement for low jitter and high availability. It also does not provide any security or isolation between the on-premises network and the S3 service, which can pose a security risk.

Option D: Use an IPSec VPN connection to a Virtual Private gateway. This option is also a viable solution as it provides a secure and encrypted connection between the on-premises network and AWS. However, IPSec VPNs typically have lower bandwidth and higher latency than Direct Connect, which may not meet the requirement for high bandwidth and low jitter. Moreover, VPN connectivity over the public internet is subject to network congestion and is less reliable than Direct Connect.

Therefore, the best option to consider in this scenario is B. Use AWS Direct Connect with a private VIF, as it provides a dedicated, private, secure, and high-bandwidth connection to S3 with low latency and high availability.