A global enterprise is redesigning its AWS network architecture across 50 AWS accounts and 3 AWS Regions. They currently use VPC peering, which has become unmanageable. The new architecture must support transitive routing, centralized outbound internet access, and dedicated hybrid connectivity to two on-premises data centers via AWS Direct Connect. Which solution meets these requirements with the LEAST operational overhead?

Answer options:

Deploy AWS Transit Gateway in each Region. Peer the Transit Gateways. Attach VPCs and a Direct Connect gateway to the Transit Gateways. Route outbound traffic to a centralized egress VPC in each Region.

Deploy a single global AWS Transit Gateway. Attach all VPCs across all Regions to this Transit Gateway. Attach a Direct Connect gateway. Route outbound traffic through a single egress VPC.

Use AWS Cloud WAN to create a global core network. Attach VPCs directly to the Direct Connect gateway. Use NAT Gateways in every VPC for internet access.

Maintain VPC peering but automate it using AWS Resource Access Manager (RAM). Terminate Direct Connect on a Transit VPC using software VPN appliances.

How to approach this question

Identify the service that provides transitive routing at scale (Transit Gateway) and how it handles multi-region (peering) and hybrid connectivity (Direct Connect Gateway).

Full Answer

A.Deploy AWS Transit Gateway in each Region. Peer the Transit Gateways. Attach VPCs and a Direct Connect gateway to the Transit Gateways. Route outbound traffic to a centralized egress VPC in each Region.✓ Correct

AWS Transit Gateway acts as a highly scalable regional cloud router. To connect multiple regions, you peer the regional Transit Gateways. Direct Connect Gateway allows you to connect your Direct Connect connections to Transit Gateways in multiple regions.

Common mistakes

Assuming Transit Gateway is a global resource.

All questions Question 02

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5

75 questions · hints · full answers · grading

More questions from this exam

Q02A company uses AWS Organizations to manage multiple accounts. The security team mandates that no ...Medium Q03A financial institution requires a disaster recovery strategy for its critical trading applicatio...Hard Q04An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They nee...Medium Q05A company has a complex AWS environment with hundreds of linked accounts under AWS Organizations....Hard Q06An architecture team is designing a hybrid network. They have two on-premises data centers and th...Hard

View all 75 questions →