AWS Certified Solutions Architect - Professional

A company deploys applications using AWS CloudFormation across multiple VPCs interconnected via a transit gateway. Traffic destined for the public internet is routed through a shared services VPC. Each VPC's subnets utilize the default VPC route table, directing traffic to the transit gateway, which in turn employs its default route table for all VPC attachments. A security audit has identified that EC2 instances within a VPC can communicate with instances in other company VPCs. To enhance security, a solutions architect must restrict this communication, allowing each VPC to interact only with a predetermined set of authorized VPCs. What measures should the solutions architect implement to achieve this restricted communication?


Explanation:

The correct answer is C. Creating a dedicated transit gateway route table for each VPC attachment allows for fine-grained control over the routing of traffic between VPCs. By implementing separate route tables, the solutions architect can specify the allowed routes for each VPC attachment. This ensures that communication between VPCs is limited to only the authorized VPCs, providing a secure and controlled network environment. This method is preferred over modifying network ACLs, security groups, or main route tables as it offers a more precise and manageable approach to control inter-VPC communication.
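
The approach in the explanation, sketched as a CloudFormation fragment for one VPC attachment. This is an added example, not part of the original question or its answer options. It assumes VPC A is authorized to reach only VPC B plus internet egress through shared services; all parameter and resource names are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Dedicated transit gateway route table for VPC A (added example)
Parameters:                      # all names below are hypothetical
  TransitGatewayId:
    Type: String
  VpcAAttachmentId:
    Type: String
  VpcBAttachmentId:              # the only VPC that VPC A may reach
    Type: String
  SharedServicesAttachmentId:    # VPC that provides internet egress
    Type: String
  CompanySupernetCidr:           # range covering all company VPCs (assumed to exist)
    Type: String

Resources:
  VpcARouteTable:
    Type: AWS::EC2::TransitGatewayRouteTable
    Properties:
      TransitGatewayId: !Ref TransitGatewayId
  # Traffic arriving from VPC A is looked up in this table only.
  VpcAAssociation:
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties:
      TransitGatewayAttachmentId: !Ref VpcAAttachmentId
      TransitGatewayRouteTableId: !Ref VpcARouteTable
  # Learn VPC B's CIDR; unauthorized VPCs are never propagated into this table.
  VpcBPropagation:
    Type: AWS::EC2::TransitGatewayRouteTablePropagation
    Properties:
      TransitGatewayAttachmentId: !Ref VpcBAttachmentId
      TransitGatewayRouteTableId: !Ref VpcARouteTable
  # Internet-bound traffic goes to the shared services VPC.
  DefaultRouteToSharedServices:
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      TransitGatewayAttachmentId: !Ref SharedServicesAttachmentId
      TransitGatewayRouteTableId: !Ref VpcARouteTable
  # Without this, traffic to unauthorized VPCs would follow 0.0.0.0/0 into shared
  # services. VPC B's more specific propagated route still wins (longest prefix).
  BlackholeOtherVpcs:
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      DestinationCidrBlock: !Ref CompanySupernetCidr
      Blackhole: true
      TransitGatewayRouteTableId: !Ref VpcARouteTable
```

An attachment can be associated with only one transit gateway route table, so the attachment's existing association with the default route table has to be removed (and default association and propagation disabled on the transit gateway) before this association can be created. Return traffic needs the mirror-image setup: VPC B's own route table must carry a route back to VPC A.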
