AWS Direct Connect for Secure VPC Connectivity Across Regions


Question

Your company has an AWS Direct Connect connection in the us-west region.

They want to reach a VPC over the AWS Direct Connect connection.

The VPC is located in another region.

How can you achieve this connectivity in the most secure way? Choose 2 answers from the options given below.

Answers

A. Create a private VIF from the current AWS Direct Connect connection. With inter-region peering, this is possible.

B. Create a Direct Connect gateway in any region.

C. Create a public VIF and then a VPN connection over that to the remote VPC.

D. Create a private VIF and then a VPN connection over that to the remote VPC.

Explanations

Answer - B and C.

The AWS Documentation mentions the following.

You can create a Direct Connect gateway in any region and use it to connect your AWS Direct Connect connection over a private virtual interface to VPCs in your account that are located in different regions.

Alternatively, you can create a public virtual interface for your AWS Direct Connect connection and then establish a VPN connection to your VPC in the remote region.

Options A and D are incorrect. A private VIF terminates either on a virtual private gateway in the connection's own region or on a Direct Connect gateway; by itself it does not reach a VPC in another region. VPC peering cannot extend it, because peering is not transitive: a VPC does not forward traffic that arrives over Direct Connect or VPN to a peered VPC. Adding a VPN on top of the private VIF (option D) does not change where the VIF terminates, and the Site-to-Site VPN endpoints of the remote VPC's virtual private gateway are public addresses that a private VIF cannot route to.

For more information on AWS Direct Connect Remote regions, please refer to the below URL.

https://docs.aws.amazon.com/directconnect/latest/UserGuide/remote_regions.html

Taking each option in turn, with the goal of keeping traffic between the on-premises network and the remote-region VPC off the public internet:

A. Create a private VIF from the current AWS Direct Connect connection. With inter-region peering, this is possible.

Incorrect. A private VIF attaches to a virtual private gateway in the connection's own region or to a Direct Connect gateway. Attaching it to a VGW on a us-west VPC and peering that VPC with the remote VPC does not work, because VPC peering is not transitive: a VPC will not forward traffic that entered it over Direct Connect (or VPN) on to a peer. Inter-region VPC peering is a sound way to connect two VPCs to each other over the AWS global network, but it cannot carry a Direct Connect connection onward to a third network.

B. Create a Direct Connect gateway in any region.

Correct. A Direct Connect gateway is a global object: you create it once, from any region, attach the private VIF to it instead of to a region-local virtual private gateway, and then associate it with virtual private gateways (or transit gateways) on VPCs in any region. Traffic stays on the dedicated circuit and the AWS global network; nothing traverses the public internet. For the remote VPC you create a VGW in that region, associate it with the Direct Connect gateway, and propagate the on-premises prefixes learned over BGP into the VPC route tables. The allowed-prefixes list on each association controls which VPC CIDRs are advertised back to on-premises; keep it to the prefixes that actually need to be reachable. The same model connects several VPCs in different regions to one connection.
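A worked configuration for answer B, added here as an example rather than taken from the page or from AWS: a Terraform root module that creates the Direct Connect gateway, terminates a private VIF from the existing connection on it, and associates a virtual private gateway in the remote region. The region names, connection ID, VPC and route-table IDs, ASNs, VLAN and CIDRs are placeholder assumptions.

```hcl
# Added example for answer B (not code from the original page or from AWS).
# Every ID, region, ASN, VLAN and CIDR below is a placeholder assumption.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

# Region that hosts the existing Direct Connect connection.
provider "aws" {
  region = "us-west-2"
}

# Region that hosts the target VPC.
provider "aws" {
  alias  = "remote"
  region = "eu-central-1"
}

variable "dx_connection_id"      { default = "dxcon-EXAMPLE" } # existing DX connection
variable "remote_vpc_id"         { default = "vpc-EXAMPLE" }   # VPC in the remote region
variable "remote_route_table_id" { default = "rtb-EXAMPLE" }   # its private route table
variable "remote_vpc_cidr"       { default = "10.20.0.0/16" }

# 1. The Direct Connect gateway is a global object; the region it is created
#    from does not matter. Its ASN is the one your router peers with over BGP.
resource "aws_dx_gateway" "corp" {
  name            = "corp-dxgw"
  amazon_side_asn = "64520"
}

# 2. Private VIF on the existing connection, terminated on the DX gateway
#    rather than on a region-local virtual private gateway.
resource "aws_dx_private_virtual_interface" "corp" {
  connection_id  = var.dx_connection_id
  name           = "corp-private-vif"
  vlan           = 100
  address_family = "ipv4"
  bgp_asn        = 65000 # on-premises ASN (placeholder)
  dx_gateway_id  = aws_dx_gateway.corp.id
}

# 3. Virtual private gateway on the VPC in the remote region.
resource "aws_vpn_gateway" "remote" {
  provider = aws.remote
  vpc_id   = var.remote_vpc_id
}

# 4. Cross-region association. allowed_prefixes is the allow-list of what the
#    DX gateway advertises to on-premises for this VPC; do not widen it beyond
#    the CIDRs that must be reachable.
resource "aws_dx_gateway_association" "remote" {
  dx_gateway_id         = aws_dx_gateway.corp.id
  associated_gateway_id = aws_vpn_gateway.remote.id
  allowed_prefixes      = [var.remote_vpc_cidr]
}

# 5. Propagate the on-premises prefixes learned over BGP into the remote VPC's
#    route table, so no static routes to on-premises have to be maintained.
resource "aws_vpn_gateway_route_propagation" "remote" {
  provider       = aws.remote
  vpn_gateway_id = aws_vpn_gateway.remote.id
  route_table_id = var.remote_route_table_id
}
```

Apply it as one working directory; the provider alias is what places the VGW and the route propagation in the remote region while the VIF is created against the connection's own region. After apply, the BGP session on the VIF should come up and the remote VPC's route table should show the on-premises prefix as a propagated route targeting the VGW; if the on-premises side sees no route for the remote VPC CIDR, check the association's allowed prefixes first.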

C. Create a public VIF and then a VPN connection over that to the remote VPC.

Correct. A public VIF is a BGP session over the dedicated circuit to AWS public IP space in every region, which includes the endpoints of an AWS Site-to-Site VPN. You attach a virtual private gateway to the remote VPC, define a customer gateway for the on-premises VPN device, and bring up the IPsec tunnels; their outer packets ride the Direct Connect circuit rather than the internet, and the payload is encrypted end to end. Traffic on a public VIF does not traverse the public internet: "public" refers to the AWS address space being reached, not to the transport. Two things to verify: the on-premises router must prefer the routes learned over the public VIF for the VPN endpoint addresses (otherwise the tunnels silently come up over the internet path), and the IPsec proposals should be pinned to strong algorithms rather than left at the permissive defaults.
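A worked configuration for answer C, added here as an example and not taken from the page or from AWS: a standalone Terraform root module that creates a public VIF on the existing connection and a BGP-routed Site-to-Site VPN to a virtual private gateway on the remote VPC, with the tunnel proposals pinned. The connection ID, regions, VLAN, ASNs, VPC ID and the on-premises VPN address are placeholder assumptions, and 203.0.113.0/24 is a documentation prefix standing in for public address space you own.

```hcl
# Added example for answer C (not code from the original page or from AWS).
# Every ID, region, address, ASN and VLAN below is a placeholder assumption;
# 203.0.113.0/24 is a documentation prefix standing in for public space you own.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-west-2" # region of the Direct Connect connection
}

provider "aws" {
  alias  = "remote"
  region = "eu-central-1" # region of the target VPC
}

variable "dx_connection_id" { default = "dxcon-EXAMPLE" }
variable "remote_vpc_id"    { default = "vpc-EXAMPLE" }
variable "onprem_vpn_ip"    { default = "203.0.113.10" } # on-premises VPN device

# 1. Public VIF: a BGP session over the circuit to AWS public address space.
#    AWS advertises its public prefixes for all regions (filter on the BGP
#    communities AWS tags them with if you only want some); you advertise only
#    the prefix the IPsec tunnels will be sourced from.
resource "aws_dx_public_virtual_interface" "corp" {
  connection_id         = var.dx_connection_id
  name                  = "corp-public-vif"
  vlan                  = 200
  address_family        = "ipv4"
  bgp_asn               = 65000
  customer_address      = "203.0.113.1/30"
  amazon_address        = "203.0.113.2/30"
  route_filter_prefixes = ["203.0.113.0/24"]
}

# 2. Virtual private gateway on the remote VPC: the AWS end of the VPN.
resource "aws_vpn_gateway" "remote" {
  provider = aws.remote
  vpc_id   = var.remote_vpc_id
}

# 3. Customer gateway: the on-premises VPN device, addressed from the prefix
#    announced on the public VIF so that the tunnels ride the circuit.
resource "aws_customer_gateway" "onprem" {
  provider   = aws.remote
  bgp_asn    = 65000
  ip_address = var.onprem_vpn_ip
  type       = "ipsec.1"
}

# 4. Site-to-Site VPN with BGP routing. Both tunnels are pinned to IKEv2,
#    AES-256, SHA2-384 and DH group 20 instead of the permissive defaults.
resource "aws_vpn_connection" "remote" {
  provider            = aws.remote
  vpn_gateway_id      = aws_vpn_gateway.remote.id
  customer_gateway_id = aws_customer_gateway.onprem.id
  type                = "ipsec.1"
  static_routes_only  = false

  tunnel1_ike_versions                 = ["ikev2"]
  tunnel1_phase1_encryption_algorithms = ["AES256"]
  tunnel1_phase1_integrity_algorithms  = ["SHA2-384"]
  tunnel1_phase1_dh_group_numbers      = [20]
  tunnel1_phase2_encryption_algorithms = ["AES256"]
  tunnel1_phase2_integrity_algorithms  = ["SHA2-384"]
  tunnel1_phase2_dh_group_numbers      = [20]

  tunnel2_ike_versions                 = ["ikev2"]
  tunnel2_phase1_encryption_algorithms = ["AES256"]
  tunnel2_phase1_integrity_algorithms  = ["SHA2-384"]
  tunnel2_phase1_dh_group_numbers      = [20]
  tunnel2_phase2_encryption_algorithms = ["AES256"]
  tunnel2_phase2_integrity_algorithms  = ["SHA2-384"]
  tunnel2_phase2_dh_group_numbers      = [20]
}

# The two tunnel endpoint addresses that your router must reach through the
# public VIF, not through its internet default route.
output "vpn_tunnel_endpoints" {
  value = [
    aws_vpn_connection.remote.tunnel1_address,
    aws_vpn_connection.remote.tunnel2_address,
  ]
}
```

After apply, check on the customer router that the routes to both addresses in the output are the ones learned over the public VIF. If the internet path wins, the tunnels still establish, but over the public internet, which is exactly what the question is trying to avoid.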

D. Create a private VIF and then a VPN connection over that to the remote VPC.

Incorrect. A private VIF attached to a virtual private gateway reaches only that gateway's VPC in the connection's own region; without a Direct Connect gateway it has no path to the remote region at all. The Site-to-Site VPN endpoints of the remote VPC's virtual private gateway are public addresses, and a private VIF carries only VPC prefixes, so a VPN built on top of it can never reach them. The option fails on reachability, not merely on the extra hops and latency.