Designing a Scalable Solution for Inter-VPC Connectivity in AWS

Implementing High Availability and Scalability for Inter-VPC Connectivity


Question

Each division within a start-up organization has a separate account & has created a separate VPC for deploying its servers.

They have a regional office with existing internet links over which they plan to access these servers for management purposes.

All servers in these VPCs need connectivity to one another.

The CTO of this fast-growing startup is looking for a fully managed, highly available & scalable solution that accounts for future growth in the number of VPCs. Which of the following design approaches can be implemented to meet this requirement?

Answers

Explanations


Correct Answer - D.

A Transit Gateway can be deployed to provide full-mesh connectivity between multiple VPCs, plus on-premises connectivity via either a Site-to-Site VPN connection or AWS Direct Connect.

It is a fully managed service that provides high availability & scales as the number of VPCs grows.

Option A is incorrect: VPC peering is suitable only for a small number of VPCs.

With a large number of VPCs there is additional overhead to implement & manage the many peering connections required, since peering is non-transitive and every pair of VPCs needs its own connection.

Option B is incorrect, as creating a VPN connection to every VPC is not a viable solution.

Instead, the VPN connection can be created to the Transit Gateway, through which the office can communicate with all VPCs.

Option C is incorrect, as the VPN connection needs to be created to the Transit Gateway & not to a single VPC.

For more information on AWS Transit Gateway, refer to the following URL.

https://aws.amazon.com/transit-gateway/features/

The requirement is to establish connectivity between VPCs deployed in different accounts and enable management access from a regional office. The design should be scalable, highly available and fully managed.

Option A: Create VPC Peering between all these VPCs & create a single VPN connection from the regional office to one of the VPCs. This option involves creating VPC peering connections between all VPCs, which allows communication between them. A single VPN connection is then established from the regional office to one of the VPCs to enable management access. However, this approach has limitations, such as the limit on the number of VPC peering connections that can be created and the complexity of managing a large mesh of peering connections.

Option B: Create VPC Peering between all these VPCs & create multiple VPN connections from the regional office to each of the VPCs with which it needs to communicate. This option involves creating VPC peering connections between all VPCs and multiple VPN connections from the regional office to each of the VPCs to enable management access. While this approach may work, it becomes complex and difficult to manage as the number of VPCs grows.

Option C: Create a Transit Gateway with all VPCs attached to it & create a single VPN connection from the regional office to one of the VPCs. This option involves creating a Transit Gateway and attaching all VPCs to it. A single VPN connection is then established from the regional office to one of the VPCs. The Transit Gateway simplifies the network architecture and allows for future scalability. Additionally, a single VPN connection is easier to manage than multiple VPN connections.

Option D: Create a Transit Gateway with all VPC attached to it & create a single VPN connection from the regional office to Transit Gateway. This option is similar to option C, with the exception that the VPN connection is established to the Transit Gateway rather than to one of the VPCs. This approach has the advantage of providing centralized management and control, as all traffic between the regional office and VPCs flows through the Transit Gateway.

Therefore, options C or D are the best choices to meet the requirement of establishing connectivity between VPCs and enabling management access from a regional office while being scalable, highly available, and fully managed. The choice between C and D would depend on specific requirements and constraints.
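As an added example that is not part of the original question or answer, the option D design expressed as Terraform (HCL): one Transit Gateway in a central network account, shared to the division accounts with AWS RAM, one attachment per VPC, and a single Site-to-Site VPN from the regional office terminating on the Transit Gateway. All account IDs, ASNs, IP addresses and the `var.*` inputs are placeholders of my own choosing.

```hcl
# Hypothetical Terraform for option D (added example, not from the page): a
# Transit Gateway in a central network account, division VPCs in other accounts
# attached via a RAM share, one Site-to-Site VPN from the regional office
# terminating on the TGW. All IDs, ASNs and addresses are placeholders.
resource "aws_ec2_transit_gateway" "hub" {
  amazon_side_asn = 64512
  # Attachments from other accounts must be accepted explicitly, so no
  # division can join the hub without the network team's approval.
  auto_accept_shared_attachments = "disable"
}

# Share the TGW only with the listed division accounts.
resource "aws_ram_resource_share" "tgw" {
  name                      = "tgw-share"
  allow_external_principals = false # principals in this Organization only
}

resource "aws_ram_resource_association" "tgw" {
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

resource "aws_ram_principal_association" "divisions" {
  for_each           = toset(var.division_account_ids) # ["111111111111", ...]
  principal          = each.value
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

# Created in each division account (provider alias omitted): one attachment
# per VPC, so adding a VPC is one resource rather than n-1 new peerings.
resource "aws_ec2_transit_gateway_vpc_attachment" "division" {
  for_each           = var.vpcs # map: name => { vpc_id, subnet_ids }
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
}

# Regional office: one VPN ending on the TGW, so every attached VPC is reachable.
resource "aws_customer_gateway" "office" {
  bgp_asn    = 65000
  ip_address = "203.0.113.10" # placeholder public IP of the office router
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "office" {
  customer_gateway_id = aws_customer_gateway.office.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"
}
```

Each VPC's route tables still need routes for the other VPCs' and the office's address ranges pointing at the transit gateway, and the hub account must accept each cross-account attachment (for example with `aws_ec2_transit_gateway_vpc_attachment_accepter`) before traffic flows.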