AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both VPCs are in separate AWS accounts. The network administrator needs to design a solution to configure secure access to EC2 instance in VPC-B from VPC-A. The connectivity should not have a single point of failure or bandwidth concerns.
Which solution will meet these requirements?
Other
Community
UAnonymous
A
Set up a VPC peering connection between VPC-A and VPC-B.
B
Set up VPC gateway endpoints for the EC2 instance running in VPC-B.
C
Attach a virtual private gateway to VPC-B and set up routing from VPC-A.
D
Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A.
Explanation:
Explanation
Correct Answer: A - Set up a VPC peering connection between VPC-A and VPC-B.
Why this is correct:
- VPC Peering is specifically designed to connect two VPCs together, allowing resources in different VPCs to communicate with each other using private IP addresses.
- Cross-account support: VPC peering can be established between VPCs in different AWS accounts, which meets the requirement that both VPCs are in separate AWS accounts.
- No single point of failure: VPC peering connections are highly available and redundant by design. The traffic flows through the AWS backbone network, which is designed for high availability.
- No bandwidth concerns: VPC peering connections do not have bandwidth limitations or throughput constraints like VPN connections might have. The traffic uses AWS's internal network infrastructure.
- Secure access: Communication between peered VPCs stays within the AWS network and does not traverse the public internet, providing enhanced security.
Why other options are incorrect:
B. Set up VPC gateway endpoints for the EC2 instance running in VPC-B.
- VPC gateway endpoints are for accessing AWS services (like S3, DynamoDB) from within a VPC, not for connecting to EC2 instances in another VPC.
- Gateway endpoints don't facilitate VPC-to-VPC connectivity.
C. Attach a virtual private gateway to VPC-B and set up routing from VPC-A.
- Virtual private gateways are for VPN connections from on-premises networks to AWS VPCs, not for VPC-to-VPC connectivity.
- This would require setting up a VPN connection which could have bandwidth limitations and potentially create a single point of failure.
D. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A.
- Private virtual interfaces are for AWS Direct Connect connections, which are for connecting on-premises data centers to AWS.
- This is not designed for VPC-to-VPC connectivity and would be unnecessarily complex and expensive for this use case.
Key AWS Concepts:
- VPC Peering: A networking connection between two VPCs that enables you to route traffic between them using private IPv4 or IPv6 addresses.
- Cross-account VPC peering: Requires the owner of the requester VPC to send a peering request to the owner of the accepter VPC.
- Security considerations: Security groups and network ACLs still apply to traffic between peered VPCs, allowing you to control access.
- Routing: You must update route tables in both VPCs to route traffic destined for the peered VPC through the peering connection.
Comments
Loading comments...