AWS Certified Solutions Architect - Professional

The question is about finding a solution that allows on-premises servers to connect to VPC B with the least operational effort, given that Example Corp. has already peered VPC A and VPC B and has set up network ACLs and security groups correctly. The answer provided is A.

The explanation for choosing option A is as follows:

Option A involves creating a transit gateway and attaching the Site-to-Site VPN, VPC A, and VPC B to it. The transit gateway is a managed service that enables you to route network traffic between your VPCs and on-premises networks. By attaching all the required networks to the transit gateway, you can simplify the routing configuration and achieve the desired connectivity with minimal operational effort.

In this scenario, you would update the transit gateway route tables to include transit route propagation (TRP) for all networks, which allows the transit gateway to automatically propagate routes between the attached networks. This means that you do not need to manually configure routes for each network, reducing the operational effort required.

The other options involve more complex configurations or manual route updates, which would require more operational effort:

• Option B requires creating a new Site-to-Site VPN connection between the on-premises network and VPC B, connecting it to the transit gateway, and configuring additional routes and authorization rules.
• Option C involves updating route tables for all three networks and configuring BGP propagation, which can take up to 5 minutes to complete.
• Option D suggests modifying the Site-to-Site VPN's virtual private gateway definition and splitting the routers between the two VPCs, which is a more complex and less efficient solution.

Therefore, option A is the most efficient and least operationally intensive solution for connecting on-premises servers to VPC B while leveraging the existing peering between VPC A and VPC B.