
Answer-first summary for fast verification
Answer: Ensure the partner creates a VPC endpoint service that uses a Network Load Balancer in VPC-B. Deploy a VPC endpoint in VPC-A that uses a VPC endpoint service that is shared by the partner.

The correct approach must work around the overlapping IP address space between VPC-A and VPC-B without negatively affecting the existing environments.

Option A, establishing a VPC peering connection, is not viable because VPC peering does not support overlapping CIDR blocks. Option E, establishing an AWS Site-to-Site VPN connection, also does not resolve the overlapping IP space issue. Option D suggests deploying a new routable VPC CIDR block as a secondary CIDR block to both VPCs and deploying a public NAT gateway in VPC-A. This approach can help in routing traffic between the VPCs without IP conflicts, but it does not directly solve the problem of connecting to the web application in VPC-B.

The most effective solutions are options B and C. In option B, the partner creates a VPC endpoint service that uses a Network Load Balancer in VPC-B, which allows private connectivity to the web application without exposing it to the internet. In option C, a VPC endpoint deployed in VPC-A uses the VPC endpoint service shared by the partner, enabling secure and private access to the web application in VPC-B without public IP addresses and regardless of the overlapping CIDR blocks. Therefore, the correct options are B and C.
Author: LeetQuiz Editorial Team
A company operates five VPCs in the us-east-1 Region, hosting an internal web application in one of its VPCs, VPC-A. The company needs to connect VPC-A to an external partner's AWS environment in the same Region, where the partner hosts a new version of the web application in VPC-B. However, both VPC-A and VPC-B use overlapping IP address spaces. The company's EC2 instances in VPC-A must connect to the web application in VPC-B without disrupting the existing environments of either the company or the partner.
Which two actions should the network engineer take to meet these requirements?
A. Establish a VPC peering connection between VPC-A and VPC-B.
B. Ensure the partner creates a VPC endpoint service that uses a Network Load Balancer in VPC-B.
C. Deploy a VPC endpoint in VPC-A that uses a VPC endpoint service that is shared by the partner.
D. Deploy a new routable VPC CIDR block as a secondary CIDR block to both VPC-A and VPC-B. Deploy a public NAT gateway in VPC-A.
E. Establish an AWS Site-to-Site VPN connection between VPC-A and VPC-B.
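
Options B and C as AWS CLI calls, split by which account runs each step. This is an added example, not part of the original page. The function names are hypothetical, and every ARN or ID passed in is a placeholder the caller supplies.

```shell
#!/bin/sh
# Added example: PrivateLink setup for options B and C.
# Function names are hypothetical; all ARNs and IDs are caller-supplied placeholders.
REGION="us-east-1"   # Region named in the question

# Partner account (VPC-B): publish the NLB as a VPC endpoint service.
# --acceptance-required keeps every connection request pending until approved.
provider_create_service() {    # $1 = NLB ARN; prints the service ID
  aws ec2 create-vpc-endpoint-service-configuration --region "$REGION" \
    --network-load-balancer-arns "$1" --acceptance-required \
    --query 'ServiceConfiguration.ServiceId' --output text
}

# Partner account: allow only the company's principal to request a connection.
provider_allow_consumer() {    # $1 = service ID, $2 = consumer principal ARN
  aws ec2 modify-vpc-endpoint-service-permissions --region "$REGION" \
    --service-id "$1" --add-allowed-principals "$2"
}

# Company account (VPC-A): create the interface endpoint. Its network
# interfaces take addresses from VPC-A subnets, so no route to the
# overlapping VPC-B CIDR is needed. The security group limits which
# instances in VPC-A can reach the endpoint.
consumer_create_endpoint() {   # $1 = VPC ID, $2 = service name, $3 = subnet ID, $4 = SG ID
  aws ec2 create-vpc-endpoint --region "$REGION" --vpc-endpoint-type Interface \
    --vpc-id "$1" --service-name "$2" --subnet-ids "$3" --security-group-ids "$4" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Partner account: approve the pending connection from the company's endpoint.
provider_accept_connection() { # $1 = service ID, $2 = endpoint ID
  aws ec2 accept-vpc-endpoint-connections --region "$REGION" \
    --service-id "$1" --vpc-endpoint-ids "$2"
}
```

The partner sends the service name from the first step to the company out of band; the company sends back the endpoint ID so the partner can match it before accepting.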