Your company has asked you to connect their on-premise environment to AWS.
The traffic must be encrypted and reliability should be ensured.
There is a requirement to access S3 resources in AWS from the on-premise environment.
Which of the below ways can be used to fulfil this requirement?
Choose 2 answers from the options given below.
A. B. C. D.
Answer - A and D.
The AWS documentation mentions the following.
You can create an IPsec VPN connection between your VPC and your remote network.
On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints (tunnels) for automatic failover.
You configure your customer gateway on the remote side of the VPN connection.
You must create a virtual interface to begin using your AWS Direct Connect connection.
You can create a private virtual interface to connect to your VPC, or you can create a public virtual interface to connect to AWS services that aren't in a VPC, such as Amazon S3 and Amazon Glacier.
You can configure multiple virtual interfaces on a single AWS Direct Connect connection.
For more information on VPN connections please refer to the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html
For more information on Virtual interfaces please refer to the below URL:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
To connect an on-premise environment to AWS, there are several options available. However, since the requirement is to ensure encryption and reliability while also accessing S3 resources from the on-premise environment, we can consider the following two options:
A. Create a VPN connection: A Virtual Private Network (VPN) can be used to create an encrypted tunnel between the on-premise environment and AWS. This tunnel can be used to transfer data securely between the two environments, including accessing S3 resources in AWS from the on-premise environment. AWS provides two types of VPN connections: Site-to-Site VPN and Client VPN. Site-to-Site VPN creates a secure connection between the on-premise environment and AWS over the internet. On the other hand, Client VPN provides secure remote access to resources in AWS, including S3 resources.
B. Create a Direct Connect connection with a private virtual interface: Direct Connect is a dedicated network connection from the on-premise environment to AWS. It provides a more reliable and faster connection than VPN over the internet. Direct Connect can be used to create a private virtual interface that connects the on-premise environment to a Virtual Private Cloud (VPC) in AWS. The private virtual interface ensures that the connection is encrypted, and S3 resources can be accessed securely from the on-premise environment.
Option C: Create a Direct Connect connection with a hosted virtual interface can be eliminated because it is used to connect to services outside of the VPC, and since the requirement is to access S3 resources, a hosted virtual interface is not required.
Option D: Create a Direct Connect connection with a public virtual interface can be eliminated because it provides access to public AWS services only, and since the requirement is to access S3 resources, a public virtual interface is not required.
In summary, options A and B can be used to fulfill the requirement of connecting the on-premise environment to AWS, ensuring encryption, and accessing S3 resources securely.