Explanation
Correct Answer: A - Set up a VPC peering connection between VPC-A and VPC-B.
Why this is correct:
- VPC Peering is specifically designed to connect two VPCs together, allowing resources in different VPCs to communicate with each other using private IP addresses.
- Cross-account support: VPC peering can be established between VPCs in different AWS accounts, which meets the requirement that both VPCs are in separate AWS accounts.
- No single point of failure: VPC peering connections are highly available and redundant by design. The traffic flows through the AWS backbone network, which is designed for high availability.
- No bandwidth concerns: VPC peering connections do not have bandwidth limitations or throughput constraints like VPN connections might have. The traffic uses AWS's internal network infrastructure.
- Secure access: Communication between peered VPCs stays within the AWS network and does not traverse the public internet, providing enhanced security.
Why other options are incorrect:
B. Set up VPC gateway endpoints for the EC2 instance running in VPC-B.
- VPC gateway endpoints are for accessing AWS services (like S3, DynamoDB) from within a VPC, not for connecting to EC2 instances in another VPC.
- Gateway endpoints don't facilitate VPC-to-VPC connectivity.
C. Attach a virtual private gateway to VPC-B and set up routing from VPC-A.
- Virtual private gateways are for VPN connections from on-premises networks to AWS VPCs, not for VPC-to-VPC connectivity.
- This would require setting up a VPN connection, which could have bandwidth limitations and could introduce a single point of failure.
D. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A.
- Private virtual interfaces are for AWS Direct Connect connections, which are for connecting on-premises data centers to AWS.
- This is not designed for VPC-to-VPC connectivity and would be unnecessarily complex and expensive for this use case.
Key AWS Concepts:
- VPC Peering: A networking connection between two VPCs that enables you to route traffic between them using private IPv4 or IPv6 addresses.
- Cross-account VPC peering: Requires the owner of the requester VPC to send a peering request to the owner of the accepter VPC.
- Security considerations: Security groups and network ACLs still apply to traffic between peered VPCs, allowing you to control access.
- Routing: You must update route tables in both VPCs to route traffic destined for the peered VPC through the peering connection.
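As an added example that is not part of the original explanation, the check below walks through the Key AWS Concepts above on a constructed description of the peering: non-overlapping CIDRs, an accepted (active) connection, a route to the peering in both VPCs, and a security group in VPC-B that admits VPC-A. The dictionary shape, IDs, accounts and CIDRs are assumptions; it is not an AWS API.

```python
import copy
import ipaddress

# Constructed, simplified view of a cross-account peering between VPC-A (requester)
# and VPC-B (accepter). All IDs and CIDRs are placeholders, not real values.
PEERING = {
    "pcx_id": "pcx-0placeholder",
    "status": "active",  # only "active" once the accepter's account accepts the request
    "vpc_a": {
        "cidr": "10.0.0.0/16",
        "routes": [{"dest": "10.0.0.0/16", "target": "local"},
                   {"dest": "10.1.0.0/16", "target": "pcx-0placeholder"}],
    },
    "vpc_b": {
        "cidr": "10.1.0.0/16",
        "routes": [{"dest": "10.1.0.0/16", "target": "local"}],  # return route missing
        "sg_ingress": [{"proto": "tcp", "port": 443, "cidr": "10.0.0.0/16"}],
    },
}

def route_covers(routes, pcx_id, peer_cidr):
    """True if some route via pcx_id has a destination that contains peer_cidr."""
    peer = ipaddress.ip_network(peer_cidr)
    return any(r["target"] == pcx_id and peer.subnet_of(ipaddress.ip_network(r["dest"]))
               for r in routes)

def sg_allows(rules, src_cidr, proto, port):
    """True if an ingress rule admits proto/port from every address in src_cidr."""
    src = ipaddress.ip_network(src_cidr)
    return any(r["proto"] == proto and r["port"] == port
               and src.subnet_of(ipaddress.ip_network(r["cidr"])) for r in rules)

def check_peering(p, proto="tcp", port=443):
    """Return findings that would block VPC-A -> VPC-B traffic; an empty list means OK."""
    a, b, findings = p["vpc_a"], p["vpc_b"], []
    if ipaddress.ip_network(a["cidr"]).overlaps(ipaddress.ip_network(b["cidr"])):
        findings.append("VPC CIDRs overlap; AWS will not activate the peering")
    if p["status"] != "active":
        findings.append(f"peering status is {p['status']!r}; accepter has not accepted")
    if not route_covers(a["routes"], p["pcx_id"], b["cidr"]):
        findings.append("VPC-A route table has no route to VPC-B via the peering")
    if not route_covers(b["routes"], p["pcx_id"], a["cidr"]):
        findings.append("VPC-B route table has no return route to VPC-A via the peering")
    if not sg_allows(b.get("sg_ingress", []), a["cidr"], proto, port):
        findings.append(f"VPC-B security group does not allow {proto}/{port} from VPC-A")
    return findings

def fixed_peering():
    """Same setup with the missing return route added on the VPC-B side."""
    p = copy.deepcopy(PEERING)
    p["vpc_b"]["routes"].append({"dest": "10.0.0.0/16", "target": p["pcx_id"]})
    return p
```

Running `check_peering(PEERING)` reports only the missing VPC-B return route; after `fixed_peering()` the list is empty, while a port the security group does not open (for example 22) is still reported.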