Connectivity Solutions for Business Intelligence Applications and AWS RDS Databases

Achieving Secure and Reliable Connectivity

Question

A company's business intelligence team has a number of reporting applications deployed on EC2 instances in their AWS account.

The company's data warehouse team has provisioned a new set of database sources using AWS RDS in a different AWS account.

What is the optimal solution to achieve secure and reliable connectivity from the business intelligence applications to the new RDS databases?

Answers

Explanations

A. B. C. D.

Answer: A.

Option A is CORRECT because VPC peering is used to establish connectivity between two Amazon VPCs over Amazon's secure and reliable backbone network.

Option B is incorrect because Site-to-site VPN is not the optimal solution as it requires the creation of VPN gateways.

Option C is incorrect because AWS Direct Connect can be used to establish a secure and private connection between an on-premises network and Amazon VPC over a dedicated line.

Option D is incorrect because PrivateLink endpoints are used to integrate AWS services with an Amazon VPC without the use of an Internet Gateway.

Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html#USER_VPC.Scenario3

https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

The optimal solution to achieve secure and reliable connectivity from the business intelligence applications to the new RDS databases deployed in a different AWS account is option D, PrivateLink.

PrivateLink is a secure and scalable way to access services over the AWS network. It allows resources in one VPC to privately access services hosted in another VPC or AWS account, without using public IPs, NAT devices, VPN connections, or Internet Gateways.

In this scenario, the company can create a VPC endpoint in their business intelligence VPC, which will allow them to privately connect to the RDS instances in the data warehouse account. This connection will be secure and reliable since the traffic between the two VPCs will not traverse the internet, and the traffic is not exposed to any external sources.

VPC peering is not an optimal solution in this case, as it requires that the two VPCs be in the same AWS account. Therefore, this option is not suitable for the scenario at hand.

Site-to-site VPN and Direct Connect are also not optimal solutions in this case since they require additional infrastructure to be set up and maintained, which can increase the complexity of the solution. Furthermore, they also introduce potential points of failure, such as the VPN gateway or the Direct Connect router.

In summary, PrivateLink is the optimal solution as it provides a secure, reliable, and scalable way for the business intelligence team to access the RDS databases in the data warehouse account.