AWS Networking Solutions for Secure and Reliable On-Premise Connectivity

Secure and Reliable On-Premise Connectivity


Question

Your company has asked you to connect their on-premise environment to AWS.

The traffic must be encrypted and reliability should be ensured.

There is a requirement to access S3 resources in AWS from the on-premise environment.

Which of the below ways can be used to fulfil this requirement?

Choose 2 answers from the options given below.

Answers

Explanations


A. B. C. D.

Answer - A and D.

The AWS documentation mentions the following.

You can create an IPsec VPN connection between your VPC and your remote network.

On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints (tunnels) for automatic failover.

You configure your customer gateway on the remote side of the VPN connection.

You must create a virtual interface to begin using your AWS Direct Connect connection.

You can create a private virtual interface to connect to your VPC, or you can create a public virtual interface to connect to AWS services that aren't in a VPC, such as Amazon S3 and Amazon Glacier.

You can configure multiple virtual interfaces on a single AWS Direct Connect connection.

For more information on VPN connections please refer to the below URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html

For more information on Virtual interfaces please refer to the below URL:

http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
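The automatic failover described in the documentation excerpt above depends on both VPN tunnels being up. As an added example (not from the original page or from AWS), the Python below reads JSON shaped like the output of `aws ec2 describe-vpn-connections` and reports connections that have lost tunnel redundancy. The connection IDs, addresses and the function name `tunnel_redundancy` are constructed for illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output.
# IDs are placeholders; addresses come from the 203.0.113.0/24 documentation range.
SAMPLE = {
    "VpnConnections": [
        {"VpnConnectionId": "vpn-EXAMPLE-a", "State": "available",
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
             {"OutsideIpAddress": "203.0.113.11", "Status": "UP"}]},
        {"VpnConnectionId": "vpn-EXAMPLE-b", "State": "available",
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.20", "Status": "UP"},
             {"OutsideIpAddress": "203.0.113.21", "Status": "DOWN"}]},
        # Telemetry missing entirely: treated as no working tunnel.
        {"VpnConnectionId": "vpn-EXAMPLE-c", "State": "available"},
        # Deleted connections are skipped, not reported as outages.
        {"VpnConnectionId": "vpn-EXAMPLE-d", "State": "deleted",
         "VgwTelemetry": [
             {"OutsideIpAddress": "203.0.113.30", "Status": "DOWN"}]},
    ]
}


def tunnel_redundancy(doc):
    """Map each available VPN connection to (verdict, [outside IPs of down tunnels]).

    REDUNDANT: two or more tunnels up, so failover is possible.
    DEGRADED:  exactly one tunnel up; the next failure drops the link.
    DOWN:      no tunnel up (or no telemetry reported).
    """
    report = {}
    for conn in doc.get("VpnConnections", []):
        if conn.get("State") != "available":
            continue
        tunnels = conn.get("VgwTelemetry", [])
        down = [t.get("OutsideIpAddress", "?")
                for t in tunnels if t.get("Status") != "UP"]
        up = len(tunnels) - len(down)
        verdict = "REDUNDANT" if up >= 2 else "DEGRADED" if up == 1 else "DOWN"
        report[conn["VpnConnectionId"]] = (verdict, down)
    return report


if __name__ == "__main__":
    for vpn_id, (verdict, down) in tunnel_redundancy(SAMPLE).items():
        print(f"{vpn_id}: {verdict} down_tunnels={down}")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of the CLI command.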

To connect an on-premise environment to AWS, there are several options available. However, since the requirement is to ensure encryption and reliability while also accessing S3 resources from the on-premise environment, we can consider the following two options:

A. Create a VPN connection: A Virtual Private Network (VPN) can be used to create an encrypted tunnel between the on-premise environment and AWS. This tunnel can be used to transfer data securely between the two environments, including accessing S3 resources in AWS from the on-premise environment. AWS provides two types of VPN connections: Site-to-Site VPN and Client VPN. Site-to-Site VPN creates a secure connection between the on-premise environment and AWS over the internet. On the other hand, Client VPN provides secure remote access to resources in AWS, including S3 resources.

B. Create a Direct Connect connection with a private virtual interface: Direct Connect is a dedicated network connection from the on-premise environment to AWS. It provides a more reliable and faster connection than VPN over the internet. Direct Connect can be used to create a private virtual interface that connects the on-premise environment to a Virtual Private Cloud (VPC) in AWS. The private virtual interface ensures that the connection is encrypted, and S3 resources can be accessed securely from the on-premise environment.

Option C (create a Direct Connect connection with a hosted virtual interface) can be eliminated because it is used to connect to services outside of the VPC, and since the requirement is to access S3 resources, a hosted virtual interface is not required.

Option D (create a Direct Connect connection with a public virtual interface) can be eliminated because it provides access to public AWS services only, and since the requirement is to access S3 resources, a public virtual interface is not required.

In summary, options A and B can be used to fulfill the requirement of connecting the on-premise environment to AWS, ensuring encryption, and accessing S3 resources securely.