AWS Certified Advanced Networking - Specialty: VPN Connection and Transit VPC Solution

AWS VPN Connection and Transit VPC Solution


Question

Your company has set up a VPN connection between their on-premises infrastructure and AWS.

They have multiple VPCs defined with inter-communication between the VPCs being enabled.

They also need to ensure that all traffic flows through a transit VPC from their on-premises infrastructure.

How would you architect the solution? Choose 2 answers from the options given below.

Answers

Explanations

A. Create a VPN connection between the on-premises environment and the transit VPC.
B. Create a VPN connection between the on-premises environment and all other VPCs.
C. Create a VPN connection between the transit VPC and all other VPCs.
D. Create a VPC peering connection between the transit VPC and all other VPCs.

Answer - A and C.

This is a design that incorporates a transit VPC.

The below diagram from the AWS documentation demonstrates this.

Option B is incorrect since direct VPN connections from on-premises to every VPC bypass the transit VPC, which defeats the purpose of the design.

Option D is incorrect since VPC peering does not support edge-to-edge (transitive) routing: traffic that arrives in the transit VPC over a VPN connection cannot be forwarded across a peering connection to another VPC.

For more information on the transit VPC, one can visit the below URL.

https://docs.aws.amazon.com/aws-technical-content/latest/aws-vpc-connectivity-options/transit-vpc.html
[Diagram not reproduced; recovered label: corporate data center(s)]

The architecture for the solution involves creating a transit VPC that hosts EC2-based VPN/routing appliances, then establishing VPN connections from the on-premises environment to the transit VPC and from the transit VPC to every other (spoke) VPC. Because the transit VPC's appliances actually route between their tunnels, all traffic between on-premises and the spoke VPCs, and between the spokes themselves, flows through the transit VPC.

Answer A: Create a VPN connection between the on-premises environment and the transit VPC. This is the necessary first step to establish connectivity between the on-premises environment and the transit VPC. The connection is an IPsec VPN terminating on the VPN appliances in the transit VPC (AWS Site-to-Site VPN on a virtual private gateway, or a third-party VPN solution, can be used for the other end).

Answer C: Create a VPN connection between the transit VPC and all other VPCs. Each spoke VPC attaches a virtual private gateway with VPN tunnels to the transit VPC's VPN appliances. Since those appliances are real routers, they forward between tunnels, so all on-premises and inter-VPC traffic can be routed through the transit VPC.

Answer B: Create a VPN connection between the on-premises environment and all other VPCs. This is not necessary, because all traffic can be routed through the transit VPC, and it violates the requirement: traffic over a direct tunnel never touches the transit VPC. It also creates a full mesh of tunnels (one per VPC) that adds overhead and management burden.

Answer D: Create a VPC peering connection between the transit VPC and all other VPCs. This does not work for the stated goal. A peering connection only carries traffic that originates in one of the two peered VPCs; AWS does not support edge-to-edge routing, so packets that reach the transit VPC from on-premises over the VPN cannot be forwarded across a peering connection to a spoke VPC, and spoke-to-spoke traffic cannot transit the hub over peering either. Peering every VPC to the hub would also add management overhead without providing the required path.

In conclusion, the correct answers are A and C. By establishing VPN connections between the on-premises environment and the transit VPC, and between the transit VPC and every other VPC, all traffic is routed through the transit VPC. This keeps the topology a simple hub-and-spoke that is easier to manage. Note that AWS Transit Gateway now provides this hub-and-spoke routing as a managed service; the transit VPC pattern predates it.
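To make the reasoning behind options B and D concrete, the following added example (not part of the original question or the AWS documentation) models the four designs as small graphs and checks reachability under two assumed AWS forwarding rules: a VPC peering connection never carries traffic that entered a VPC over another attachment (no edge-to-edge routing), and only a node that runs an actual router (the transit VPC's EC2 VPN appliances, or the on-premises router) forwards traffic between its tunnels. Node names such as "on-prem", "transit-vpc" and "spoke-vpc-1" are hypothetical.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Link kinds. Assumption (AWS routing behaviour as modelled here):
#   "vpn"     - an IPsec tunnel; transit traffic crosses it only when the node
#               on this side actually runs a router (e.g. the transit VPC's EC2
#               VPN appliances, or the on-premises router).
#   "peering" - a VPC peering connection; it only carries traffic that originates
#               in one of the two peered VPCs (no edge-to-edge routing), so packets
#               that arrived over a VPN can never be forwarded onto it.
VPN, PEERING = "vpn", "peering"


@dataclass(frozen=True)
class Link:
    a: str
    b: str
    kind: str


class Topology:
    def __init__(self, links: List[Link], routers: Set[str]) -> None:
        self.links = links
        self.routers = routers  # nodes that forward traffic between their attachments

    def neighbours(self, node: str):
        for link in self.links:
            if link.a == node:
                yield link.b, link
            elif link.b == node:
                yield link.a, link

    def path(self, src: str, dst: str) -> Optional[List[str]]:
        """Breadth-first search that honours the forwarding rules above.

        Returns the hop list src..dst, or None when no valid path exists."""
        queue = deque([[src]])
        seen = {src}
        while queue:
            hops = queue.popleft()
            node = hops[-1]
            if node == dst:
                return hops
            originating = node == src  # traffic is being sent by this node itself
            for nxt, link in self.neighbours(node):
                if nxt in seen:
                    continue
                if not originating:
                    if link.kind == PEERING:      # edge-to-edge over peering is not allowed
                        continue
                    if node not in self.routers:  # a plain VPC/VGW does not transit traffic
                        continue
                seen.add(nxt)
                queue.append(hops + [nxt])
        return None


# Hypothetical node names for the worked example.
ONPREM, TRANSIT, SPOKES = "on-prem", "transit-vpc", ["spoke-vpc-1", "spoke-vpc-2"]
ROUTERS = {ONPREM, TRANSIT}  # the on-prem router and the transit VPC appliances forward traffic


def design_a_and_c() -> Topology:
    """Options A + C: VPN on-prem <-> transit VPC, VPN transit VPC <-> every spoke."""
    links = [Link(ONPREM, TRANSIT, VPN)] + [Link(TRANSIT, s, VPN) for s in SPOKES]
    return Topology(links, ROUTERS)


def design_b() -> Topology:
    """Option B: VPN from on-prem straight to every spoke (plus the transit link)."""
    links = [Link(ONPREM, TRANSIT, VPN)] + [Link(ONPREM, s, VPN) for s in SPOKES]
    return Topology(links, ROUTERS)


def design_d() -> Topology:
    """Option D: VPN on-prem <-> transit VPC, then VPC peering transit <-> spokes."""
    links = [Link(ONPREM, TRANSIT, VPN)] + [Link(TRANSIT, s, PEERING) for s in SPOKES]
    return Topology(links, ROUTERS)


def audit(topo: Topology) -> Dict[str, Tuple[bool, bool]]:
    """For each spoke: (reachable from on-prem?, does that path pass through the transit VPC?)."""
    result = {}
    for spoke in SPOKES:
        hops = topo.path(ONPREM, spoke)
        result[spoke] = (hops is not None, hops is not None and TRANSIT in hops[1:-1])
    return result


if __name__ == "__main__":
    for name, topo in [("A+C", design_a_and_c()), ("B", design_b()), ("D", design_d())]:
        print(name, audit(topo), "spoke-to-spoke:", topo.path(SPOKES[0], SPOKES[1]))
```

Under these rules only the A + C design gives every spoke a path from on-premises that passes through the transit VPC and also lets spokes reach each other via the hub; design B reaches the spokes but bypasses the hub, and design D leaves the spokes unreachable from on-premises because the peering links refuse traffic that arrived over the VPN.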