AWS Certified DevOps Engineer - Professional

A company consists of 20 service teams, each managing a unique microservice within its own AWS account and VPC using the 192.168.0.0/22 CIDR block. These accounts are managed through AWS Organizations. Each team deploys their microservice on several Amazon EC2 instances, which are fronted by an Application Load Balancer. Currently, these microservices communicate with each other via the public internet. However, the company's security team has introduced a new policy requiring that all inter-microservice communications must be secured with HTTPS and routed through private network connections, avoiding the public internet. A DevOps engineer is tasked with implementing a solution that adheres to these security guidelines while minimizing the impact on each service team's infrastructure. Which solution should the engineer implement to achieve this?

Explanation:

The correct answer is B. AWS PrivateLink connects VPCs in different accounts over private IP addresses, so traffic avoids the public internet. Creating a Network Load Balancer (NLB) in each microservice VPC and setting up VPC endpoints via PrivateLink allows secure communication over private network connections. This approach adheres to the new security guidelines and minimizes changes to each service team's existing setup. Options A and D suggest creating new shared resources, which introduces additional complexity. Option C involves VPC peering, which does not work here: every VPC uses the same 192.168.0.0/22 CIDR block, and peering requires non-overlapping CIDR blocks.
