
Answer-first summary for fast verification
Answer: Connect the AWS customer VPCs to a shared transit gateway. Use AWS Site-to-Site VPN connections to the transit gateway for the on-premises customers.
The question revolves around a SaaS company migrating to AWS, needing to ensure AWS customers can access the SaaS application directly from their VPCs, while on-premises customers continue to connect via IPsec encrypted tunnels.
Option A suggests using a shared transit gateway for AWS customer VPCs and AWS Site-to-Site VPN connections for on-premises customers. This solution is scalable and simplifies routing and segmentation, making it easier to manage as the number of customers grows.
Option B proposes using AWS PrivateLink for AWS customers and a third-party routing appliance for on-premises connections. While AWS PrivateLink provides secure and private connectivity, introducing a third-party appliance adds complexity and potential points of failure.
Option C involves peering each AWS customer's VPC to the SaaS application's VPC and creating Site-to-Site VPN connections on the SaaS VPC virtual private gateway. This approach does not scale well with a growing number of customers due to the complexity and management overhead.
Option D suggests using Site-to-Site VPN tunnels for both AWS and on-premises customers, which does not meet the requirement for AWS customers to access the SaaS application directly from their VPCs.
Therefore, the best solution is Option A, as it meets all the requirements efficiently and is scalable.
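The segmentation that Option A relies on comes from how attachments are associated with and propagate into transit gateway route tables. The following is an added example, not part of the original question: it models a flat layout beside a segmented one and reports customer-to-customer routes. The attachment names, route table names and the dictionary layout are constructed for illustration, and the model covers only association and propagation, not static routes or overlapping CIDRs.

```python
from itertools import permutations

# Constructed, simplified model (not an AWS API response shape). Each attachment
# is associated with one route table, which decides where its traffic may go,
# and propagates its own routes into zero or more route tables.
def attachment(role, assoc, propagates_to):
    return {"role": role, "assoc": assoc, "propagates_to": set(propagates_to)}

# Weak layout: every attachment shares one route table.
FLAT = {
    "saas-vpc":  attachment("saas", "rt-default", ["rt-default"]),
    "custA-vpc": attachment("customer", "rt-default", ["rt-default"]),
    "custB-vpn": attachment("customer", "rt-default", ["rt-default"]),
}

# Segmented layout: customers learn only the SaaS routes, and only the
# SaaS route table learns customer routes.
SEGMENTED = {
    "saas-vpc":  attachment("saas", "rt-saas", ["rt-customers"]),
    "custA-vpc": attachment("customer", "rt-customers", ["rt-saas"]),
    "custB-vpn": attachment("customer", "rt-customers", ["rt-saas"]),
}

def can_send(cfg, src, dst):
    """src has a route to dst if dst propagates into src's associated table."""
    return cfg[src]["assoc"] in cfg[dst]["propagates_to"]

def isolation_violations(cfg):
    """Ordered (src, dst) customer pairs where src has a route to dst."""
    return sorted((s, d) for s, d in permutations(cfg, 2)
                  if cfg[s]["role"] == cfg[d]["role"] == "customer"
                  and can_send(cfg, s, d))

def customers_cut_off(cfg):
    """Customers lacking a two-way route with any SaaS attachment."""
    saas = [n for n, a in cfg.items() if a["role"] == "saas"]
    return sorted(n for n, a in cfg.items() if a["role"] == "customer"
                  and not any(can_send(cfg, n, s) and can_send(cfg, s, n)
                              for s in saas))

if __name__ == "__main__":
    for name, cfg in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "violations:", isolation_violations(cfg),
              "cut off:", customers_cut_off(cfg))
```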
Author: LeetQuiz Editorial Team
A SaaS company is transitioning its private SaaS application to AWS. The company has numerous customers connecting to multiple data centers via VPN tunnels. As the customer base has expanded, managing routing, segmentation, and complex NAT rules has become increasingly challenging.
After migrating to AWS, the company's AWS-based customers need direct access to the SaaS application from their VPCs, while on-premises customers must continue accessing the application through IPsec-encrypted tunnels.
What solution will fulfill these requirements?
A. Connect the AWS customer VPCs to a shared transit gateway. Use AWS Site-to-Site VPN connections to the transit gateway for the on-premises customers.
B. Use AWS PrivateLink to connect the AWS customers. Use a third-party routing appliance in the SaaS application VPC to terminate on-premises Site-to-Site VPN connections.
C. Peer each AWS customer's VPCs to the VPC that hosts the SaaS application. Create AWS Site-to-Site VPN connections on the SaaS VPC virtual private gateway.
D. Use Site-to-Site VPN tunnels to connect each AWS customer's VPCs to the VPC that hosts the SaaS application. Use AWS Site-to-Site VPN to connect the on-premises customers.