AWS Certified Advanced Networking - Specialty

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Enable transit gateway appliance mode on the VPC attachment in the shared VPC.

The issue described involves the transit gateway dropping traffic between two Availability Zones when routing through a stateful firewall appliance in a shared VPC. The key to resolving this issue with the least management overhead lies in understanding how transit gateway appliance mode works. Transit gateway appliance mode is designed to simplify the routing of traffic through a centralized appliance, such as a firewall, by ensuring that traffic is routed through the appliance in both directions (ingress and egress) without requiring complex routing configurations. Enabling transit gateway appliance mode on the VPC attachment in the shared VPC (Option C) would ensure that all traffic between VPC A and VPC B is routed through the firewall appliance for inspection, regardless of the Availability Zones involved. This solution leverages the existing infrastructure and does not require the creation of additional VPN tunnels or VPC peering connections, thus minimizing management overhead.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Enable transit gateway appliance mode on the VPC attachment in the shared VPC.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company operates hundreds of Amazon EC2 instances across two production VPCs (VPC A and VPC B) in all Availability Zones of the us-east-1 Region. To comply with a new security regulation, all traffic between the production VPCs must be inspected before reaching its destination. The company has implemented a shared VPC containing a stateful firewall appliance and a transit gateway with VPC attachments to route traffic between VPC A and VPC B through the firewall for inspection. However, during testing, the transit gateway drops traffic when it traverses between two Availability Zones. What should a network engineer do to resolve this issue with minimal management overhead?

Exam-Like

In the shared VPC, replace the VPC attachment with a VPN attachment. Create a VPN tunnel between the transit gateway and the firewall appliance. Configure BGP.

0.0%

Enable transit gateway appliance mode on the VPC attachment in VPC A and VPC B.

0.0%

Enable transit gateway appliance mode on the VPC attachment in the shared VPC.

100.0%

In the shared VPC, configure one VPC peering connection to VPC A and another VPC peering connection to VPC B.