Amazon DynamoDB Migration: Secured Data Transfer Solutions

Migrating MongoDB to Amazon DynamoDB: Ensuring Private and Secure Data Transfer

Question

A company is migrating its on-premises MongoDB database to Amazon DynamoDB. The security team mandates that all data must be transferred over a dedicated, private, and secured connection, with no data transport occurring over the public Internet.

Which AWS services must be part of the solution (Select TWO)?

Answers

Explanations


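A. VPC peering
B. Site-to-Site VPN
C. AWS Direct Connect
D. PrivateLink Interface Endpoint
E. PrivateLink Gateway Endpoint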

Answer: C and E.

Option A is incorrect because VPC peering is used to establish connectivity between two Amazon VPCs.

Option B is incorrect because Site-to-Site VPN can be used to establish a secure and private connection between an on-premises network and Amazon VPC over the Internet.

Option C is CORRECT because AWS Direct Connect can be used to establish a secure and private connection between an on-premises network and Amazon VPC over a dedicated line.

Option D is incorrect because PrivateLink Interface Endpoint does not support DynamoDB.

Option E is CORRECT because PrivateLink Gateway endpoint is used to integrate DynamoDB with Amazon VPC without the use of an Internet Gateway.

Reference:

https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html

The requirement to transfer data over a dedicated, private, and secured connection rules out the use of the public Internet. AWS provides several services to meet this requirement. Two services that can be used to meet this requirement are Direct Connect and PrivateLink Interface Endpoint.

  1. Direct Connect: Direct Connect establishes a dedicated network connection between the customer's data center or colocation environment and AWS. With Direct Connect, the customer's data never traverses the public Internet. The dedicated connection can be used to access AWS services including DynamoDB.

  2. PrivateLink Interface Endpoint: A PrivateLink Interface Endpoint is a network interface that enables customers to access services in a VPC privately. It uses AWS PrivateLink to route traffic within AWS using private IP addresses rather than over the public Internet. PrivateLink Interface Endpoint can be used to securely access DynamoDB from within the same VPC or from another VPC.

Therefore, the two AWS services that must be part of the solution are Direct Connect and PrivateLink Interface Endpoint. The other options, VPC peering, Site-to-Site VPN, and PrivateLink Gateway Endpoint, may be useful in other scenarios but are not necessary to meet the requirement of a dedicated, private, and secure connection.