You have an EC2 instance in the AWS us-east-1 region.
The application in the instance needs to access a DynamoDB table that is located in the AWS us-east-2 region.
The connection must be private without leaving the Amazon network.
The instance should not use any public IP for communication.
How would you configure this?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - B.
For the private connections between regions, VPC peering should be used.
Then VPC endpoint allows users to access the DynamoDB service privately.
Option A is incorrect because you cannot configure an inter-region VPC endpoint directly.
Option B is CORRECT because the VPC endpoint should be created in consumer VPC which is in us-east-1
ENI will be created in us-east-1 which will access DynamoDB over VPC peering & AWS PrivateLink.
Option C is incorrect: This option does not mention the usage of the VPC endpoint.
Option D is incorrect: Because VPC peering supports the inter-region connections.
You can refer to the below URL for inter-region peering & endpoints.
https://d1.awsstatic.com/whitepapers/aws-privatelink.pdf https://docs.aws.amazon.com/vpc/latest/privatelink/endpoint-service-overview.htmlTo enable the EC2 instance in the us-east-1 region to access the DynamoDB table in the us-east-2 region privately without leaving the Amazon network, we need to establish a private network connection between the two regions.
There are two possible solutions for this scenario:
A VPC endpoint enables private communication between instances in a VPC and AWS services. With VPC endpoints, you can access AWS services via private network connections instead of going through the internet. You can create a VPC endpoint for DynamoDB in the us-east-1 region and use it to access the DynamoDB table in the us-east-2 region.
Steps to configure an inter-region VPC endpoint for the DynamoDB service:
VPC peering enables private communication between VPCs in different regions using private IP addresses. You can create a VPC peering connection between the VPC in the us-east-1 region and the VPC in the us-east-2 region, and configure the route tables to allow traffic to flow between the two VPCs.
Steps to create an inter-region VPC peering connection between us-east-1 and us-east-2:
Although inter-region VPC peering can be used, a VPC endpoint for DynamoDB is not required.
It is possible to set up private inter-region connections in AWS. Therefore, this option is incorrect.
In conclusion, the recommended solution to access a DynamoDB table from an EC2 instance in a different region while maintaining private communication is to use either an inter-region VPC endpoint for DynamoDB or an inter-region VPC peering connection.