Cost-Effective and Scalable Solution for Media VPC, Sales VPC, and Marketing VPC Connectivity

AWS Certified Advanced Networking - Specialty: Implementing a Cost-Effective Solution for Media, Sales, and Marketing VPC Connectivity

Question

A media firm has created a Sales VPC, a Marketing VPC and a Media VPC.

The Media VPC has many servers hosting large media content uploaded from an on-premises office.

Users from on-premises offices also need access to the Sales VPC and the Marketing VPC.

Servers in the Marketing VPC download media content from the Media VPC on a regular basis to create modified content for external clients.

The Sales VPC should be isolated from the Media VPC and the Marketing VPC, with only specific subnets allowed to access these VPCs on a need basis.

The firm is looking for a cost-effective, scalable solution to be deployed. As an AWS Architect, which of the following will you suggest implementing to meet the requirement?

Explanations

Correct Answer - C.

Large video files need to be uploaded from on-premises to the Media VPC, so a Private VIF over an AWS Direct Connect Gateway would provide dedicated bandwidth and minimize cost compared to connectivity via a Transit Gateway.

To limit the traffic flowing via the Transit Gateway between servers in the Marketing VPC and the Media VPC, VPC peering can be implemented, which does not carry the hourly connection charges of a Transit Gateway.

For specific IP communication between the Sales, Marketing and Media VPCs and with on-premises users, a Transit Gateway can be deployed.

Option A is incorrect as creating VPC peering between all three VPCs will allow the Sales VPC full access to the other two VPCs.

Also, creating a separate VPN from on-premises to each of the three VPCs would be a costly and non-scalable solution.

Option B is incorrect as using a Transit Gateway for heavy traffic between on-premises and the Media VPC will incur a huge cost compared to having Private VIF connectivity from an AWS Direct Connect Gateway to the Media VPC.

Option D is incorrect as using a Transit Gateway for heavy traffic between on-premises and the Media VPC will incur a huge cost compared to having Private VIF connectivity from an AWS Direct Connect Gateway to the Media VPC.

Also, with full mesh VPC peering, it would be a non-scalable solution.

For more information on Hybrid Connectivity, refer to the following URL.

https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
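An added example (not from the original page): a route-table model of the design in the explanation above, checking that only the need-basis Sales subnet can exchange traffic with Marketing and Media, while full-mesh peering with whole-VPC routes exposes every Sales subnet. The CIDRs, subnet names and target labels are constructed, and the model assumes the Transit Gateway and the peering connection forward whatever the subnet route tables send them.

```python
import ipaddress

# Constructed CIDRs and subnet names; the page gives none.
SUBNETS = {
    "sales-app":   "10.10.1.0/24",
    "sales-share": "10.10.2.0/24",  # the only Sales subnet allowed out (need basis)
    "mkt-render":  "10.20.1.0/24",
    "media-store": "10.30.1.0/24",
}
SALES, MKT, MEDIA = "10.10.0.0/16", "10.20.0.0/16", "10.30.0.0/16"

# Subnet route tables as (destination, target). Hybrid design: peering carries
# Marketing<->Media, the Transit Gateway carries only need-basis /24 routes.
HYBRID = {
    "sales-app":   [(SALES, "local")],
    "sales-share": [(SALES, "local"), ("10.20.1.0/24", "tgw"), ("10.30.1.0/24", "tgw")],
    "mkt-render":  [(MKT, "local"), (MEDIA, "pcx"), ("10.10.2.0/24", "tgw")],
    "media-store": [(MEDIA, "local"), (MKT, "pcx"), ("10.10.2.0/24", "tgw")],
}
# Full-mesh peering with whole-VPC routes, the case the explanation rejects.
MESH = {
    "sales-app":   [(SALES, "local"), (MKT, "pcx"), (MEDIA, "pcx")],
    "sales-share": [(SALES, "local"), (MKT, "pcx"), (MEDIA, "pcx")],
    "mkt-render":  [(MKT, "local"), (SALES, "pcx"), (MEDIA, "pcx")],
    "media-store": [(MEDIA, "local"), (SALES, "pcx"), (MKT, "pcx")],
}

def next_hop(table, dest_cidr):
    """Longest-prefix match: target of the most specific route covering dest_cidr."""
    dest = ipaddress.ip_network(dest_cidr)
    hits = [(ipaddress.ip_network(c), t) for c, t in table
            if dest.subnet_of(ipaddress.ip_network(c))]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def path(tables, src, dst):
    """Target used from src to dst, or None unless both directions have a route."""
    out = next_hop(tables[src], SUBNETS[dst])
    back = next_hop(tables[dst], SUBNETS[src])
    return out if out and back else None

def sales_exposure(tables):
    """Pairs (Sales subnet, non-Sales subnet) that can exchange traffic."""
    return {(s, d) for s in tables for d in tables
            if s.startswith("sales") and not d.startswith("sales")
            and path(tables, s, d)}
```

Running `sales_exposure` over an exported set of real route tables in the same shape gives a quick regression check that a later route change has not widened Sales access.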

The media firm has three VPCs: Sales VPC, Marketing VPC, and Media VPC. The Media VPC contains servers hosting large media content uploaded from an on-premises office, and both the Sales and Marketing VPCs require access to the Media VPC. The Marketing VPC downloads media content from the Media VPC to create modified content for external clients. Sales VPC should be isolated from Media VPC and Marketing VPC with only specific subnets having access to these VPCs on an as-needed basis. The solution must be cost-effective and scalable.

Let's analyze each of the given solutions in detail to find the best fit for the firm's requirements:

A. Create Private VIF over AWS Direct Connect Gateway to Media VPC.

This solution involves creating a private VIF (Virtual Interface) over AWS Direct Connect Gateway to Media VPC. This solution is secure as it provides a private connection between on-premises offices and the Media VPC. However, it does not allow access to the Sales VPC and Marketing VPC, which is a requirement of the firm.

B. Create full mesh VPC peering between Sales, Marketing & Media VPC.

This solution involves creating a full mesh VPC peering between Sales, Marketing, and Media VPCs. While it allows access to all the VPCs, it is not a scalable solution as the number of VPCs increases. It can also be complicated to manage as the number of VPCs grows.

C. Create a VPN connection from on-premises to each of the VPCs for communication between on-premises users & each of the three VPCs.

This solution involves creating a VPN connection from on-premises to each of the VPCs to facilitate communication between on-premises users and each of the three VPCs. While this solution is secure, it can be expensive as the number of VPCs increases. It can also be complicated to manage as the number of VPCs grows.

D. Create Transit VIF over AWS Direct Connect Gateway to connect to Transit Gateway which will have an association with specific subnets from all three VPCs.

This solution involves creating a Transit VIF over AWS Direct Connect Gateway to connect to Transit Gateway, which will have an association with specific subnets from all three VPCs. This solution is scalable, cost-effective, and secure. It allows for isolation between Sales VPC and Media VPC and Marketing VPC. It also allows for access to all three VPCs as needed.

E. Create a VPC peering between Marketing VPC & Media VPC.

This solution involves creating a VPC peering between Marketing VPC and Media VPC. While it allows access between Marketing VPC and Media VPC, it does not provide access to the Sales VPC, which is a requirement of the firm.

F. Create Private VIF over another AWS Direct Connect Gateway to Media VPC.

This solution is the same as option A, which only allows access to the Media VPC and not the Sales VPC or Marketing VPC.

G. Create Transit VIF over another AWS Direct Connect Gateway to connect to Transit Gateway, which will have an association with specific subnets from all three VPCs.

This solution involves creating a Transit VIF over another AWS Direct Connect Gateway to connect to Transit Gateway, which will have an association with specific subnets from all three VPCs. While it provides access to all three VPCs, it is not cost-effective or scalable as it requires the creation of another Direct Connect Gateway.

Overall, the best solution for the firm's requirements is D. Create Transit VIF over AWS Direct Connect Gateway to connect to Transit Gateway, which will have an association with specific subnets from all three VPCs.