
Answer-first summary for fast verification
Answer: Set up an AWS PrivateLink endpoint service for the marketing application, allowing specific AWS accounts access permissions and creating interface VPC endpoints in other accounts for private IP access.
The correct answer is C. AWS PrivateLink is designed to provide private connectivity between VPCs, AWS services, and on-premises applications without exposing data over the public internet. This solution is particularly effective for accessing services across different AWS accounts and VPCs with overlapping CIDR ranges, while maintaining private IP addresses. It also minimizes operational overhead since it does not require changes to existing network configurations, such as adding secondary CIDR ranges or setting up complex NAT gateways. Additionally, PrivateLink offers a scalable and secure way to manage inter-account access permissions.
Author: LeetQuiz Editorial Team
A company with multiple business units, each having separate AWS accounts and overlapping CIDR ranges in their VPCs, needs to make a new internal application created by the marketing team accessible to all other business units using private IP addresses only. What is the most operationally efficient solution to achieve this?
A. Add a unique secondary CIDR range to each business unit's VPC, peer the VPCs, and use a private NAT gateway in the secondary range for routing traffic to the marketing team.
B. Deploy an Amazon EC2 instance as a virtual appliance in the marketing team's VPC and establish an AWS Site-to-Site VPN connection with each business unit's VPC, performing NAT where necessary.
C. Set up an AWS PrivateLink endpoint service for the marketing application, allowing specific AWS accounts access permissions and creating interface VPC endpoints in other accounts for private IP access.
D. Deploy a Network Load Balancer (NLB) in front of the marketing application within a private subnet, create an API Gateway API with Amazon API Gateway private integration to the NLB, enable IAM authorization for the API, and grant access to other business unit accounts.