AWS Direct Connect Connection for Secure Data Transfer to AWS VPC | Exam Preparation

AWS Direct Connect Connection


Question

Your company currently has data in an on-premises location.

They want to create an AWS Direct Connect connection to move this data to their AWS VPC securely.

You also need to access other AWS services and ensure the confidentiality and integrity of the data in transit to your VPC.

(Select THREE)

Answers

Explanations


A. B. C. D.

Answer - B, C, and D.

This is also given in the AWS Documentation.

Short Description.

A VPN that connects your office to your Amazon VPC over an AWS Direct Connect connection is likely to be faster and more secure than a VPN that connects to your VPC over the internet.

Resolution.

Create an AWS Direct Connect connection.

Configure a public virtual interface for the Direct Connect connection.

In the "Prefixes you want to advertise" field for the virtual interface, enter the IPv4 CIDR destination addresses (separated by commas) to which AWS should route traffic over the virtual interface.

In this case, add the public IP address of your customer gateway and any other public network prefixes that you want to advertise. Only public prefixes can be advertised on a public VIF; RFC 1918 space is rejected.

Your public virtual interface receives all the public IP prefixes of the AWS Regions (except the AWS China Regions), including the public IP addresses of the virtual private gateway's VPN tunnel endpoints. This is what lets the IPsec tunnel ride the Direct Connect link instead of the internet.

To get the current list of prefixes advertised by AWS, download the JSON file containing AWS IP address ranges.

For more information, see AWS IP Address Ranges.

Option A is incorrect because on AWS Direct Connect the VPN traffic is carried on a public VIF: the virtual private gateway's tunnel endpoints are public IP addresses, which a private VIF does not route to.

Option D is CORRECT since you still need an IPsec tunnel between the customer gateway and the virtual private gateway to get encryption and integrity protection over the Direct Connect connection; Direct Connect itself is a dedicated link, not an encrypted one.

For more information on VPN over Direct Connect, see the following URLs:

https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/

https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-vpc-connectivity-options.pdf#welcome
[Figure 9 - AWS Direct Connect and VPN: diagram of the Region, the virtual private gateway, and the customer site]

"This solution combines the benefits of the end-to-end secure IPsec connection with the low latency and increased bandwidth of AWS Direct Connect to provide a more consistent network experience than internet-based VPN connections. A BGP session is established between AWS Direct Connect and your router on the public VIF. Another BGP session or a static route is established between the virtual private gateway and your router over the IPsec VPN tunnel."

To move on-premises data to an AWS VPC securely and reach other AWS services, you can create an AWS Direct Connect connection. AWS Direct Connect establishes a dedicated network connection from your premises to AWS, which can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. It does not, by itself, encrypt traffic; that is why the VPN is layered on top of it.

To ensure the confidentiality and integrity of the data in transit to your VPC, you can follow these steps:

  1. Attach a virtual private gateway (VGW) to the VPC: A virtual private gateway is the VPN concentrator on the AWS side of the VPN connection. Attaching a VGW to your VPC gives the VPC a VPN endpoint that your on-premises network can connect to. You can create and manage a VGW using the Amazon VPC console or the AWS Command Line Interface (CLI).

  2. Create an IPsec tunnel between the customer gateway and the virtual private gateway: The customer gateway is a physical device or software application on your side of the VPN connection that terminates the VPN tunnel. The IPsec tunnel between your customer gateway and the virtual private gateway is what provides confidentiality and integrity for the data in transit.

  3. Set up the VPN over a public VIF on the AWS Direct Connect connection: The VGW's tunnel endpoints have public IP addresses, and a public VIF receives AWS's public prefixes (including those endpoints) over the Direct Connect link, so the IPsec tunnel is carried on the dedicated connection rather than across the internet. A private VIF only routes to your VPC's private address space and cannot reach the VGW's VPN endpoints, so a Site-to-Site VPN to a VGW cannot be built over a private VIF.

Note: Running the VPN over a public VIF does not send the data across the public internet; the public VIF is a BGP peering over the dedicated Direct Connect circuit, and only the routes exchanged on it are "public" prefixes. Check that the tunnel endpoints are covered by the prefixes AWS advertises on the VIF, otherwise the tunnel will fall back to (or fail over) the internet path.

Therefore, the correct answers are B, C, and D.
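The following Python script is an added example and is not part of the original question, the AWS knowledge-center article, or any AWS tooling. It covers the two checks a practitioner makes when building the "Resolution" steps above and the numbered procedure just given: (1) building the prefix list (the "Prefixes you want to advertise") for a public VIF, rejecting RFC 1918 space and always including the customer gateway's public IP as a /32, and (2) filtering an ip-ranges.json document by Region to confirm that the Site-to-Site VPN tunnel outside addresses fall inside a prefix AWS advertises on the public VIF. The embedded ip-ranges excerpt is constructed in the same shape as https://ip-ranges.amazonaws.com/ip-ranges.json; its prefixes, the customer gateway IP and the tunnel addresses are documentation (RFC 5737) ranges standing in for real public addresses, and the function names are the author's own.

```python
"""
Sanity checks for a Site-to-Site VPN carried over an AWS Direct Connect public VIF.

Added example, not code from the original page or from AWS. Uses only the
standard library so it runs offline against the constructed sample below.
"""
import ipaddress
import json

# Constructed excerpt in the shape of AWS's ip-ranges.json. The prefixes are
# RFC 5737 documentation ranges, not real AWS address space.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1"},
        {"ip_prefix": "100.100.0.0/16", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1"},
    ],
})

# A public VIF in the commercial partition does not receive China Region routes.
CHINA_REGIONS = ("cn-north-1", "cn-northwest-1")

# Address space that can never be advertised on a public VIF.
RFC1918_AND_CGNAT = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def aws_prefixes(ip_ranges_json, region=None, service="AMAZON"):
    """Return the IPv4 networks AWS publishes for `service`, optionally for one Region only."""
    data = json.loads(ip_ranges_json)
    nets = set()
    for entry in data["prefixes"]:
        if entry["service"] != service or entry["region"] in CHINA_REGIONS:
            continue
        if region is not None and entry["region"] != region:
            continue
        nets.add(ipaddress.ip_network(entry["ip_prefix"]))
    return sorted(nets)


def covering_prefix(address, networks):
    """Return the most specific network in `networks` containing `address`, or None."""
    addr = ipaddress.ip_address(address)
    matches = [n for n in networks if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def vpn_endpoints_reachable(tunnel_outside_ips, ip_ranges_json, region):
    """Map each VPN tunnel outside address to True if an AWS prefix for `region`
    covers it (so the public VIF will carry the IPsec traffic), else False."""
    nets = aws_prefixes(ip_ranges_json, region=region)
    return {ip: covering_prefix(ip, nets) is not None for ip in tunnel_outside_ips}


def route_filter_prefixes(customer_gateway_ip, on_prem_public_prefixes):
    """Build the prefix list for the public VIF's "prefixes you want to advertise".

    Returns the list-of-dict shape used by the Direct Connect API's routeFilterPrefixes.
    The customer gateway's public IP is always included as a /32; private space is rejected.
    """
    nets = {ipaddress.ip_network(f"{customer_gateway_ip}/32")}
    for p in on_prem_public_prefixes:
        net = ipaddress.ip_network(p, strict=False)
        if any(net.overlaps(priv) for priv in RFC1918_AND_CGNAT):
            raise ValueError(f"{p} is private address space and cannot be advertised on a public VIF")
        nets.add(net)
    return [{"cidr": str(n)} for n in sorted(nets)]


if __name__ == "__main__":
    # Customer gateway at 192.0.2.10 inside an on-prem public block 192.0.2.0/24 (constructed).
    print(json.dumps(route_filter_prefixes("192.0.2.10", ["192.0.2.0/24"]), indent=2))
    # Two tunnel outside addresses; only the first is inside a us-east-1 prefix in the sample.
    print(vpn_endpoints_reachable(["198.51.100.7", "192.0.2.9"], SAMPLE_IP_RANGES, "us-east-1"))
```

Against the real file, replace SAMPLE_IP_RANGES with the downloaded ip-ranges.json and the tunnel addresses with the outside IP addresses from your VPN connection's configuration download; a False result means that tunnel would not be routed over the public VIF as built.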