Integrating Kinesis Data Streams into Your Amazon VPC | Best Approach for Traffic Isolation

Integrating Kinesis Data Streams into Your Amazon VPC

Question

HikeHills.com (HH) is an online specialty retailer that sells clothing and outdoor recreation gear for trekking, camping, road biking, mountain biking, rock climbing, ice climbing, skiing, avalanche safety, snowboarding, fly fishing, kayaking, rafting, road and trail running, and many more. HH runs its entire online infrastructure on multiple Java-based web applications and other web framework applications running on AWS.

HH captures clickstream data and uses a custom-built recommendation engine to recommend products, which improves sales and helps them understand customer preferences. HH already uses Amazon Kinesis Data Streams (KDS) to collect events and transaction logs and to process the stream.

Multiple departments at HH use different streams for real-time integration and to embed analytics into their applications, so Kinesis is the backbone of real-time data integration across the enterprise. HH hosts all of its applications in a VPC and is looking at how to integrate Kinesis into its web applications.

What is the best approach of integration to keep the traffic between your Amazon VPC and Kinesis Data Streams from leaving the Amazon network?

Answers

Explanations



Answer: A.

Option A is correct.

Use an interface VPC endpoint to keep traffic between your Amazon VPC and Kinesis Data Streams from leaving the Amazon network.

Interface VPC endpoints don't require an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Interface VPC endpoints are powered by AWS PrivateLink, an AWS technology that enables private communication between your VPC and AWS services through an elastic network interface with private IP addresses in your Amazon VPC.

https://docs.aws.amazon.com/streams/latest/dev/vpc.html

Option B is incorrect.

If the applications reach Kinesis through an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection, they are calling the public Kinesis API endpoint, so the traffic leaves the VPC over public address space instead of staying on the Amazon network.

https://docs.aws.amazon.com/streams/latest/dev/vpc.html

Option C is incorrect.

Traffic between a VPC and Kinesis Data Streams does not stay on the Amazon network by default: Kinesis is not a resource inside the VPC, and its API endpoint is public.

Private connectivity to Kinesis has to be provided explicitly by an interface VPC endpoint.

https://docs.aws.amazon.com/streams/latest/dev/vpc.html

The best approach for integrating Kinesis Data Streams into an Amazon VPC to ensure that traffic stays within the Amazon network is to use Interface VPC Endpoints.

Interface VPC endpoints enable private connections between a VPC and AWS services and are powered by AWS PrivateLink. PrivateLink provides secure and scalable connectivity between VPCs and AWS services without requiring the traffic to traverse the internet, a NAT device, a VPN connection, or an AWS Direct Connect connection.

Using an interface VPC endpoint, HH can create a private endpoint inside its VPC (an elastic network interface with a private IP address in a chosen subnet) through which applications connect to Kinesis Data Streams without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. This keeps the traffic between the VPC and Kinesis Data Streams from leaving the Amazon network, which reduces the exposed attack surface, removes the dependency on NAT capacity, and typically lowers latency and NAT data-processing costs. Two details matter in practice: enable private DNS on the endpoint so that the regional Kinesis hostname resolves to the endpoint's private IP, and attach an endpoint policy, since an endpoint without one allows access to any stream in any account.
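The policies that pin Kinesis access to the endpoint are easiest to see in code. The following is an added example, not part of the original question or of any AWS documentation: it builds an endpoint policy restricted to HH's own streams, an IAM policy for the producer role that denies any Kinesis call not arriving through the endpoint (the `aws:SourceVpce` condition key), a minimal evaluator to reason about both before deploying, and a check that the Kinesis hostname resolves into the VPC once private DNS is on. The account ID, stream names, endpoint ID and VPC CIDR are hypothetical placeholders.

```python
"""Added example: pin Kinesis Data Streams access to an interface VPC endpoint.

All ARNs, the account ID, the endpoint ID and the VPC CIDR are hypothetical.
"""
import ipaddress
import json

REGION = "us-east-1"
ACCOUNT = "111122223333"                 # hypothetical account
STREAM_ARNS = [
    f"arn:aws:kinesis:{REGION}:{ACCOUNT}:stream/hh-clickstream",
    f"arn:aws:kinesis:{REGION}:{ACCOUNT}:stream/hh-transactions",
]
ENDPOINT_ID = "vpce-0123456789abcdef0"   # hypothetical interface endpoint ID
VPC_CIDR = "10.20.0.0/16"                # hypothetical VPC CIDR


def endpoint_policy(stream_arns):
    """Policy attached to the endpoint itself. Without one, the endpoint
    passes calls to any stream in any account; this limits it to HH's own."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnlyHHStreamsViaEndpoint",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["kinesis:PutRecord", "kinesis:PutRecords",
                       "kinesis:GetRecords", "kinesis:GetShardIterator",
                       "kinesis:DescribeStreamSummary", "kinesis:ListShards"],
            "Resource": stream_arns,
        }],
    }


def producer_policy(stream_arns, endpoint_id):
    """IAM policy for the web-app role: allow writes, but deny every Kinesis
    call whose request did not come through the expected endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "WriteStreams", "Effect": "Allow",
             "Action": ["kinesis:PutRecord", "kinesis:PutRecords"],
             "Resource": stream_arns},
            {"Sid": "DenyOutsideEndpoint", "Effect": "Deny",
             "Action": "kinesis:*", "Resource": "*",
             "Condition": {"StringNotEquals": {"aws:SourceVpce": endpoint_id}}},
        ],
    }


def _matches(pattern, value):
    """IAM-style match; only a trailing '*' wildcard is needed here."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def _as_list(x):
    return x if isinstance(x, list) else [x]


def is_allowed(policy, action, resource, source_vpce=None):
    """Minimal IAM evaluation: explicit Deny wins, then any matching Allow,
    otherwise implicit deny. Only StringNotEquals on aws:SourceVpce is modelled;
    a request that did not use an endpoint carries no aws:SourceVpce at all,
    and a missing key makes StringNotEquals true, so the Deny applies."""
    allowed = False
    for st in policy["Statement"]:
        if not any(_matches(a, action) for a in _as_list(st["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(st["Resource"])):
            continue
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        if "aws:SourceVpce" in cond and source_vpce == cond["aws:SourceVpce"]:
            continue  # condition false: this statement does not apply
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def resolves_inside_vpc(resolved_ip, vpc_cidr=VPC_CIDR):
    """With private DNS enabled, kinesis.<region>.amazonaws.com must resolve
    to an address inside the VPC; a public address means calls would still
    leave through an internet gateway or NAT device."""
    return ipaddress.ip_address(resolved_ip) in ipaddress.ip_network(vpc_cidr)


if __name__ == "__main__":
    print(json.dumps(endpoint_policy(STREAM_ARNS), indent=2))
    pol = producer_policy(STREAM_ARNS, ENDPOINT_ID)
    print("via endpoint:", is_allowed(pol, "kinesis:PutRecord", STREAM_ARNS[0], ENDPOINT_ID))
    print("via internet:", is_allowed(pol, "kinesis:PutRecord", STREAM_ARNS[0]))
    print("private DNS ok:", resolves_inside_vpc("10.20.1.57"))  # constructed lookup result
```

The two documents are complementary: the endpoint policy limits what the endpoint can reach, and the `aws:SourceVpce` deny limits where the role's credentials can be used from, so leaked credentials used from outside the VPC are refused even though the stream itself is still publicly addressable.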

Option B is incorrect because an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection does not keep the traffic on the Amazon network; the applications would still be calling the public Kinesis API endpoint, so this does not provide a private connection between the VPC and the service.

Option C is incorrect because, although traffic between resources inside a VPC stays local, Kinesis Data Streams is not a resource inside the VPC; its API endpoint is public, so calls to it are not private by default.

Therefore, the correct answer is option A, which is to use Interface VPC Endpoints to keep traffic between Amazon VPC and Kinesis Data Streams from leaving the Amazon network.