A large company operates workloads across hundreds of AWS accounts, with each account containing VPCs that include both public and private subnets spanning multiple Availability Zones. NAT gateways are established in the public subnets to facilitate internet access from the private subnets. A solutions architect is tasked with implementing a hub-and-spoke network architecture where all private subnets in the spoke VPCs must route internet-bound traffic through an egress VPC. The architect has already set up a NAT gateway in the egress VPC within a central AWS account. What additional steps should the solutions architect implement to fulfill these connectivity requirements?

Exam-Like

Establish VPC peering connections between the egress VPC and the spoke VPCs, and configure the necessary routing to enable internet access.

14.3%

Deploy a transit gateway and share it across the existing AWS accounts, attaching the existing VPCs to the transit gateway, and configuring the necessary routing to enable internet access.

42.9%

Deploy a transit gateway in each AWS account, attach the NAT gateway to these transit gateways, and configure the necessary routing to enable internet access.

42.9%

Set up an AWS PrivateLink connection between the egress VPC and the spoke VPCs, and configure the necessary routing to enable internet access.

0.0%

AWS Certified Solutions Architect - Professional

Get started today

Comments