
A company consists of 20 service teams, each managing a unique microservice within its own AWS account and VPC using the 192.168.0.0/22 CIDR block. These accounts are managed through AWS Organizations. Each team deploys its microservice on several Amazon EC2 instances, which are fronted by an Application Load Balancer. Currently, these microservices communicate with each other via the public internet. However, the company's security team has introduced a new policy requiring that all inter-microservice communication be secured with HTTPS and routed through private network connections, avoiding the public internet. A DevOps engineer is tasked with implementing a solution that adheres to these security guidelines while minimizing the impact on each service team's infrastructure.

Which solution should the engineer implement to achieve this?
A
Create a new AWS account in AWS Organizations. Create a VPC in this account, and use AWS Resource Access Manager to share the private subnets of this VPC with the organization. Instruct the service teams to launch a new Network Load Balancer (NLB) and EC2 instances that use the shared private subnets. Use the NLB DNS names for communication between microservices.
B
Create a Network Load Balancer (NLB) in each of the microservice VPCs. Use AWS PrivateLink to create VPC endpoints in each AWS account for the NLBs. Create subscriptions to each VPC endpoint in each of the other AWS accounts. Use the VPC endpoint DNS names for communication between microservices.
C
Create a Network Load Balancer (NLB) in each of the microservice VPCs. Create VPC peering connections between each of the microservice VPCs. Update the route tables for each VPC to use the peering links. Use the NLB DNS names for communication between microservices.
D
Create a new AWS account in AWS Organizations. Create a transit gateway in this account, and use AWS Resource Access Manager to share the transit gateway with the organization. In each of the microservice VPCs, create a transit gateway attachment to the shared transit gateway. Update the route tables of each VPC to use the transit gateway. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Use the NLB DNS names for communication between microservices.