
A company deploys applications using AWS CloudFormation across multiple VPCs interconnected via a transit gateway. Traffic destined for the public internet is routed through a shared services VPC. Each VPC's subnets utilize the default VPC route table, directing traffic to the transit gateway, which in turn employs its default route table for all VPC attachments. A security audit has identified that EC2 instances within a VPC can communicate with instances in other company VPCs. To enhance security, a solutions architect must restrict this communication, allowing each VPC to interact only with a predetermined set of authorized VPCs. What measures should the solutions architect implement to achieve this restricted communication?
A
Modify the network ACLs of each subnet in a VPC to permit outbound traffic solely to the authorized VPCs, and eliminate all deny rules except for the default deny rule.
B
Adjust the security groups within a VPC to block outbound traffic to security groups associated with unauthorized VPCs.
C
Establish a dedicated transit gateway route table for each VPC attachment, ensuring that traffic is directed only to the authorized VPCs.
D
Amend the main route table of each VPC to ensure traffic is routed exclusively to the authorized VPCs via the transit gateway.