AWS Private Connections for Secure and Low-Latency Traffic

Create Private Connections from On-Premises AWS Infrastructure to the Cloud | SCS-C01 Exam Answer

Question

A company is planning to create private connections from on-premises AWS Infrastructure to the AWS Cloud.

They need a solution that provides the core benefit of traffic encryption and ensures that latency is kept to a minimum.

Which of the following would help fulfill this requirement? Choose 2 answers from the options given below.

Explanations


Answer - A and D.

The AWS documentation mentions the following, which supports the above requirements.

Option B is invalid because VPC peering is only used for connection between VPCs and cannot be used to connect On-premises infrastructure to the AWS Cloud.

Option C is invalid because NAT gateways are used to connect instances in a private subnet to the Internet.

For more information on VPN Connections, please visit the following URL:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html
VPN Connections

You can connect your Amazon VPC to remote networks by using a VPN connection. The following are some of the connectivity options available to you.

VPN connectivity option: AWS managed VPN
Description: You can create an IPsec VPN connection between your VPC and your remote network. On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints (tunnels) for automatic failover. You configure your customer gateway on the remote side of the VPN connection. For more information, see AWS Managed VPN Connections, and the Amazon VPC Network Administrator Guide.

VPN connectivity option: AWS VPN CloudHub
Description: If you have more than one remote network (for example, multiple branch offices), you can create multiple AWS managed VPN connections via your virtual private gateway to enable communication between these networks. For more information, see Providing Secure Communication Between Sites Using VPN CloudHub.

VPN connectivity option: Third party software VPN appliance
Description: You can create a VPN connection to your remote network by using an Amazon EC2 instance in your VPC that's running a third party software VPN appliance. AWS does not provide or maintain third party software VPN appliances; however, you can choose from a range of products provided by partners and open source communities. Find third party software VPN appliances on the AWS Marketplace.

You can also use AWS Direct Connect to create a dedicated private connection from a remote network to your VPC. You can combine this connection with an AWS managed VPN connection to create an IPsec-encrypted connection. For more information, see What is AWS Direct Connect? in the AWS Direct Connect User Guide. For more information about the different VPC and VPN connectivity options, see the Amazon Virtual Private Cloud Connectivity Options whitepaper.

The two solutions that would fulfill the requirements of providing traffic encryption and keeping latency to a minimum when creating private connections from on-premises AWS infrastructure to the AWS Cloud are AWS VPN and AWS Direct Connect.

AWS VPN: AWS VPN is a virtual private network that provides a secure, encrypted connection between the on-premises infrastructure and the AWS Cloud. It uses the Internet to establish a connection, and it is easy to set up and manage. AWS VPN provides the following benefits:

  1. Encryption: AWS VPN uses IPsec to provide strong encryption for all traffic between the on-premises infrastructure and the AWS Cloud.

  2. Low Latency: AWS VPN provides low latency as it uses optimized network paths to ensure that traffic between the on-premises infrastructure and the AWS Cloud is fast and responsive.

AWS Direct Connect: AWS Direct Connect is a dedicated network connection that provides a private, high-bandwidth connection between the on-premises infrastructure and the AWS Cloud. It is a good option for organizations that require a dedicated, high-speed connection to the AWS Cloud. AWS Direct Connect provides the following benefits:

  1. Encryption: AWS Direct Connect uses encryption to provide secure connectivity between the on-premises infrastructure and the AWS Cloud.

  2. Low Latency: AWS Direct Connect provides low latency as it is a dedicated, private connection that is not subject to the potential latency issues of the public Internet.

AWS VPC Peering: AWS VPC Peering is a service that allows you to connect two VPCs in the same or different regions. It does not provide traffic encryption, but it does provide low latency as the traffic between the VPCs does not leave the AWS network.

AWS NAT Gateways: AWS NAT Gateways are used to provide Internet access to resources in a private subnet. They do not provide traffic encryption, and they do not provide low latency as they introduce an additional network hop for traffic leaving the private subnet.

In summary, AWS VPN and AWS Direct Connect are the two solutions that would fulfill the requirements of providing traffic encryption and keeping latency to a minimum when creating private connections from on-premises AWS infrastructure to the AWS Cloud.
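As an added example (not from this page or from the AWS documentation it quotes), the Terraform configuration below provisions the "AWS managed VPN" arrangement described above: a virtual private gateway on the AWS side, which supplies the two IPsec tunnel endpoints for failover, a customer gateway describing the on-premises device, and a static route for the on-premises network. The VPC ID, route table ID, public IP, ASN and CIDR are placeholders; the tunnel options pin IKEv2 with AES-256, SHA-256 and DH group 14, which is tighter than the AWS defaults.

```hcl
# Added example: AWS Site-to-Site VPN (virtual private gateway + customer gateway).
# All IDs, addresses and CIDRs below are placeholders, not values from the page.

variable "vpc_id"         { type = string } # existing VPC (placeholder)
variable "route_table_id" { type = string } # VPC route table to receive VPN routes (placeholder)

# On-premises side: the customer's VPN device (public IP from the TEST-NET-3 documentation range).
resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000          # placeholder ASN
  ip_address = "203.0.113.10" # placeholder public IP of the on-prem device
  type       = "ipsec.1"
}

# AWS side: the virtual private gateway attached to the VPC.
resource "aws_vpn_gateway" "vgw" {
  vpc_id = var.vpc_id
}

# The VPN connection; AWS creates two tunnel endpoints for automatic failover.
resource "aws_vpn_connection" "site_to_site" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.onprem.id
  type                = "ipsec.1"
  static_routes_only  = true

  # Restrict both tunnels to IKEv2 / AES-256 / SHA-256 / DH group 14 instead of the wider AWS defaults.
  tunnel1_ike_versions                 = ["ikev2"]
  tunnel1_phase1_encryption_algorithms = ["AES256"]
  tunnel1_phase1_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase1_dh_group_numbers      = [14]
  tunnel2_ike_versions                 = ["ikev2"]
  tunnel2_phase1_encryption_algorithms = ["AES256"]
  tunnel2_phase1_integrity_algorithms  = ["SHA2-256"]
  tunnel2_phase1_dh_group_numbers      = [14]
}

# Static route so traffic for the on-premises network uses the VPN.
resource "aws_vpn_connection_route" "onprem_lan" {
  destination_cidr_block = "10.20.0.0/16" # placeholder on-prem CIDR
  vpn_connection_id      = aws_vpn_connection.site_to_site.id
}

# Propagate the gateway's routes into the VPC route table.
resource "aws_vpn_gateway_route_propagation" "main" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = var.route_table_id
}

# The two AWS-side tunnel endpoints to configure on the on-prem device.
output "tunnel_endpoints" {
  value = [aws_vpn_connection.site_to_site.tunnel1_address,
           aws_vpn_connection.site_to_site.tunnel2_address]
}
```

The same aws_vpn_connection can be layered over a Direct Connect link, as the quoted documentation describes, when IPsec encryption is required on that dedicated path.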