AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Explanation:

Detailed Explanation

Let's analyze the architecture and identify single points of failure:

Current Architecture:

Management VPC:
- Uses VPNs through a single customer gateway device in the data center
- This is a single point of failure - if the customer gateway device fails, the Management VPC loses connectivity to the data center
Production VPC:
- Uses a virtual private gateway with two attached AWS Direct Connect connections
- This already has redundancy with two Direct Connect connections
VPC Peering:
- Single VPC peering connection between Management and Production VPCs
- VPC peering connections are inherently redundant and highly available within AWS infrastructure

Analysis of Options:

A. Add a set of VPNs between the Management and Production VPCs.

This doesn't address the actual single point of failure (the single customer gateway device)
It adds unnecessary complexity without solving the redundancy issue

B. Add a second virtual private gateway and attach it to the Management VPC.

The Management VPC uses VPNs, not a virtual private gateway
This doesn't address the single customer gateway device issue

C. Add a second set of VPNs to the Management VPC from a second customer gateway device.

CORRECT: This directly addresses the single point of failure
Adds redundancy by introducing a second customer gateway device
Provides failover capability if the primary customer gateway device fails
Follows AWS best practices for high availability

D. Add a second VPC peering connection between the Management VPC and the Production VPC.

VPC peering connections are already highly available within AWS
AWS doesn't support multiple peering connections between the same two VPCs
This doesn't address the actual single point of failure

Key Points:

The main single point of failure is the single customer gateway device in the Management VPC's VPN connection
AWS Direct Connect connections in the Production VPC already have redundancy (two connections)
VPC peering is inherently redundant within AWS infrastructure
The solution must provide redundancy at the customer gateway level for the Management VPC's VPN connection

Best Practice: For mission-critical VPN connections, AWS recommends using multiple customer gateway devices with separate VPN tunnels to ensure high availability and eliminate single points of failure.

Explanation:

Detailed Explanation

Let's analyze the architecture and identify single points of failure:

Current Architecture:

Management VPC:
- Uses VPNs through a single customer gateway device in the data center
- This is a single point of failure - if the customer gateway device fails, the Management VPC loses connectivity to the data center
Production VPC:
- Uses a virtual private gateway with two attached AWS Direct Connect connections
- This already has redundancy with two Direct Connect connections
VPC Peering:
- Single VPC peering connection between Management and Production VPCs
- VPC peering connections are inherently redundant and highly available within AWS infrastructure

Analysis of Options:

A. Add a set of VPNs between the Management and Production VPCs.

This doesn't address the actual single point of failure (the single customer gateway device)
It adds unnecessary complexity without solving the redundancy issue

B. Add a second virtual private gateway and attach it to the Management VPC.

The Management VPC uses VPNs, not a virtual private gateway
This doesn't address the single customer gateway device issue

C. Add a second set of VPNs to the Management VPC from a second customer gateway device.

CORRECT: This directly addresses the single point of failure
Adds redundancy by introducing a second customer gateway device
Provides failover capability if the primary customer gateway device fails
Follows AWS best practices for high availability

D. Add a second VPC peering connection between the Management VPC and the Production VPC.

VPC peering connections are already highly available within AWS
AWS doesn't support multiple peering connections between the same two VPCs
This doesn't address the actual single point of failure

Key Points:

The main single point of failure is the single customer gateway device in the Management VPC's VPN connection
AWS Direct Connect connections in the Production VPC already have redundancy (two connections)
VPC peering is inherently redundant within AWS infrastructure
The solution must provide redundancy at the customer gateway level for the Management VPC's VPN connection

Comments (0)

No comments yet.

A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.

What should a solutions architect do to mitigate any single point of failure in this architecture?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Add a set of VPNs between the Management and Production VPCs.

Add a second virtual private gateway and attach it to the Management VPC.

Add a second set of VPNs to the Management VPC from a second customer gateway device.