A company needs to access a service provided by a consultant company.
The service from the consultant company and the application of the primary company exist in their respective VPCs.The VPC's are located in different regions.What steps are needed to establish communication between these VPCs such that data should not traverse via the Internet? Choose 2 answers from the options below.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - A and C.
Option B is incorrect since, for VPC Endpoint interfaces, they have to be in the same region.
Option D is incorrect since the traffic will traverse via the Internet.
The AWS Documentation mentions the following.
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately.
Instances in either VPC can communicate with each other as if they are within the same network.
You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.
For more information on AWS Direct Connect and VPC peering, please refer to the below URL-
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-peering.htmlThe 2 answers provided for the question are correct.
Let me explain to you the reason behind it.
1
Both Primary & Consultant company are existing within their own VPCs in different AWS Regions.
In order to have the connection among them, we create VPC Peering across the region.
Hence,
Option A is the correct answer.
https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-support-for-inter-region-vpc-peering/ https://aws.amazon.com/blogs/aws/new-almost-inter-region-vpc-peering/2
Please refer to the below link, section "Two VPCs with Multiple CIDRs Peered Together," for further details.
https://docs.aws.amazon.com/vpc/latest/peering/peering-configurations-full-access.html#many-vpcs-full-accessThe scenario describes two VPCs that are located in different regions and owned by different companies. The primary company needs to access a service provided by a consultant company without traversing data over the internet. The following two answers are the correct steps to establish communication between these VPCs:
A. Create a VPC peering between the VPCs in the primary company and consultant company's account.
VPC peering is a networking connection between two VPCs that enables instances in either VPC to communicate with each other as if they are within the same network. VPC peering is a private and secure way of communicating between VPCs. To establish a VPC peering, the two VPCs must not have overlapping CIDR blocks. Once the VPC peering is established, the route tables for each VPC should be modified to point to the VPC peering connection to access all the IPv4 CIDR blocks of the peer VPC.
C. Modify the route tables for each VPC point to the VPC peering connection to access all the IPv4 CIDR blocks of the peer VPC (either way).
After creating the VPC peering connection, the route tables for each VPC should be updated to point to the VPC peering connection to access all the IPv4 CIDR blocks of the peer VPC. This allows traffic to flow between the VPCs using private IP addresses. The modification of the route tables is done in the VPC console.
Option B is incorrect because creating a Network Load Balancer and a VPC Endpoint would not establish communication between the VPCs. The VPC Endpoint would allow access to the service provided by the consultant company within the same VPC, but not between VPCs.
Option D is incorrect because an IPSec Virtual Private Network ( VPN) connection is used to establish a secure, encrypted connection between two networks over the internet. However, the question specifically states that the data should not traverse over the internet. Therefore, establishing an IPSec VPN connection is not a viable solution in this case.