An enterprise uses AWS Transit Gateway to connect 50 VPCs. They want to inspect all internet-bound traffic from these VPCs using third-party firewall appliances. What is the MOST scalable architecture?

Answer options:

Deploy firewall appliances in each VPC.

Deploy a Gateway Load Balancer (GWLB) with the firewall appliances in a centralized inspection VPC, routed via Transit Gateway.

Use AWS Network Firewall in each VPC.

Route all traffic back to on-premises firewalls via Direct Connect.

How to approach this question

Identify the service designed to scale third-party network appliances.

B.Deploy a Gateway Load Balancer (GWLB) with the firewall appliances in a centralized inspection VPC, routed via Transit Gateway.✓ Correct

Deploy a Gateway Load Balancer (GWLB) with the firewall appliances in a centralized inspection VPC, routed via Transit Gateway.

Gateway Load Balancer makes it easy to deploy, scale, and manage third-party virtual appliances like firewalls.

Using Network Load Balancers, which require complex routing for transparent inspection.

75 questions · hints · full answers · grading