AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company plans to use Amazon ElastiCache for its multi-tier web application. A solutions architect creates a Cache VPC for the ElastiCache cluster and an App VPC for the application's Amazon EC2 instances. Both VPCs are in the us-east-1 Region.

The solutions architect must implement a solution to provide the application's EC2 instances with access to the ElastiCache cluster.

Which solution will meet these requirements MOST cost-effectively?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create a peering connection between the VPCs. Add a route table entry for the peering connection in both VPCs. Configure an inbound rule for the ElastiCache cluster’s security group to allow inbound connection from the application’s security group.

Create a Transit VPC. Update the VPC route tables in the Cache VPC and the App VPC to route traffic through the Transit VPC. Configure an inbound rule for the ElastiCache cluster’s security group to allow inbound connection from the application’s security group.

Create a peering connection between the VPCs. Add a route table entry for the peering connection in both VPCs. Configure an inbound rule for the peering connection’s security group to allow inbound connection from the application’s security group.

Create a Transit VPC. Update the VPC route tables in the Cache VPC and the App VPC to route traffic through the Transit VPC. Configure an inbound rule for the Transit VPC’s security group to allow inbound connection from the application’s security group.

Explanation:

Explanation

Correct Answer: A

Why Option A is correct:

VPC Peering is the most cost-effective solution for connecting two VPCs in the same region. VPC peering connections are free (no data transfer charges between peered VPCs in the same region).
Route table configuration is necessary to allow traffic to flow between the VPCs through the peering connection.
Security group configuration is correctly applied at the ElastiCache cluster's security group level, allowing inbound connections from the application's security group.

Why other options are incorrect:

Option B: Uses a Transit VPC, which is more complex and expensive. Transit VPC typically involves additional infrastructure (VPN connections, EC2 instances running routing software) and is designed for connecting multiple VPCs or connecting to on-premises networks. It's overkill for connecting just two VPCs in the same region.

Option C: Incorrectly configures the security group rule on the "peering connection's security group." VPC peering connections don't have security groups. Security groups are associated with EC2 instances, ElastiCache clusters, RDS instances, etc., not with VPC peering connections.

Option D: Similar to Option B, uses a Transit VPC which is unnecessarily complex and expensive for this simple two-VPC scenario. Also incorrectly references a "Transit VPC's security group" - Transit VPCs don't have security groups themselves; they contain EC2 instances with security groups.

Key AWS Concepts:

VPC Peering: Direct network connection between two VPCs in the same region
Security Groups: Stateful firewalls at the instance level
Route Tables: Control traffic routing within VPCs
Cost Optimization: Choose the simplest, most direct solution that meets requirements

Powered ByGPT-5.2

Comments

Loading comments...