Explanation
AWS Transit Gateway is the correct answer because it is specifically designed to connect multiple Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub.
Why AWS Transit Gateway is correct:
- Centralized Hub: AWS Transit Gateway acts as a central hub that simplifies network architecture by connecting multiple VPCs, VPN connections, and AWS Direct Connect attachments.
- Scalability: It can connect thousands of VPCs, making it ideal for large-scale network architectures.
- Simplified Management: Instead of creating and managing multiple VPC peering connections (which would require n*(n-1)/2 connections for n VPCs), you can connect all VPCs to a single Transit Gateway.
- Transitive Routing: Unlike VPC peering, which doesn't support transitive routing, Transit Gateway enables transitive routing between all connected networks (so reachability is governed by Transit Gateway route tables rather than by one-to-one peering relationships).
Why the other options are incorrect:
- AWS Config: This is a service for assessing, auditing, and evaluating AWS resource configurations, not for network connectivity.
- AWS Direct Connect: This service establishes a dedicated network connection from on-premises to AWS, but it's not designed to connect multiple VPCs together.
- Amazon GuardDuty: This is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, not a networking service.
Key Use Cases for AWS Transit Gateway:
- Connecting multiple VPCs across different AWS accounts and regions
- Centralizing network traffic inspection and security controls
- Simplifying network management for large organizations
- Enabling hybrid cloud architectures with on-premises data centers
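As an added example (not part of this explanation), the Terraform below builds a hub-and-spoke Transit Gateway that sends all spoke-to-spoke traffic through an inspection VPC; it shows that transitive routing is controlled with Transit Gateway route tables rather than left at the defaults, which would make every attachment reachable from every other. All VPC and subnet IDs are placeholders.

```hcl
# Added example: hub-and-spoke Transit Gateway; all IDs are placeholders.
resource "aws_ec2_transit_gateway" "hub" {
  # Disable defaults so a new attachment is not reachable from every other one.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each = {
    a = { vpc_id = "vpc-PLACEHOLDER-A", subnet_ids = ["subnet-PLACEHOLDER-A1"] }
    b = { vpc_id = "vpc-PLACEHOLDER-B", subnet_ids = ["subnet-PLACEHOLDER-B1"] }
  }
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}
resource "aws_ec2_transit_gateway_vpc_attachment" "inspection" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-PLACEHOLDER-INSPECT"
  subnet_ids         = ["subnet-PLACEHOLDER-I1"]
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}
# Spoke route table: only a default route to the inspection VPC, so
# spoke-to-spoke traffic is transitive but always passes inspection.
resource "aws_ec2_transit_gateway_route_table" "spokes" { transit_gateway_id = aws_ec2_transit_gateway.hub.id }
resource "aws_ec2_transit_gateway_route_table_association" "spokes" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}
resource "aws_ec2_transit_gateway_route" "spokes_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.inspection.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}
# Inspection route table: learns each spoke CIDR by propagation (return path).
resource "aws_ec2_transit_gateway_route_table" "inspection" { transit_gateway_id = aws_ec2_transit_gateway.hub.id }
resource "aws_ec2_transit_gateway_route_table_association" "inspection" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.inspection.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.inspection.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "spokes" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.inspection.id
}
```

Each spoke VPC's own route table still needs a route pointing at the Transit Gateway, and the inspection VPC must forward traffic between its Transit Gateway subnets and the inspection appliance; both are outside this fragment.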
This question tests knowledge of AWS networking services and their specific use cases, which is fundamental for the AWS Certified Cloud Practitioner exam.