SAP-C02 Exam - Question 215


A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

Correct Answer: BD

To meet the requirements cost-effectively, the best approach includes creating a shared VPC for all teams and using AWS Site-to-Site VPN for connectivity to the on-premises network. Sharing the VPC and subnets simplifies management and optimizes resource utilization across teams, while AWS Site-to-Site VPN provides a cost-effective means of connecting to the on-premises network at the expected traffic levels without incurring the higher costs associated with AWS Direct Connect or the complexity of AWS Transit Gateway.

Discussion

NikkyDicky (Options: BD)
Jul 6, 2023

BD they need a (one) VPC, no need for TGW. Use case for subnet sharing via RAM

SmileyCloud (Options: BC)
Jul 3, 2023

BC. There are multiple teams and accounts.

ggrodskiy
Jul 23, 2023

Correct AD. I think A is correct because you can connect the VPN to each VPC by using a VPN connection resource in each AWS account. You do not need a shared network account for that. You can refer to this documentation for more details: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html B is not correct because it will create a single VPC for all the AWS accounts, which will reduce the isolation and security for the different teams. It will also require sharing the subnets by using AWS Resource Access Manager, which will add complexity and overhead.

SK_Tyagi (Options: BD)
Aug 21, 2023

Direct Connect may be an overkill with 1GBPs

ayadmawla (Options: BC)
Dec 14, 2023

B+C in my humble opinion. Reason for C is that this is a design for a company with "multiple teams" so it is only logical that these teams will want to have at some stage independent accounts from one another and different accounts within the same teams. Thinking about a single VPC would be a bit short sighted.

career360guru (Options: BD)
Nov 23, 2023

B and D is the right choice.

easytoo
Jun 21, 2023

b-d...b-d

SkyZeroZx (Options: BD)
Jul 2, 2023

BD? Don't think we need TGW here.

Christina666 (Options: BD)
Jul 5, 2023

Tgw is for VPCs communication.

kebmiockey
Aug 20, 2023

Other problem with VPN is 1.25 Gb limitation.

nublit (Options: AD)
Nov 8, 2023

You need to create a single VPC and a single Account.

lghoshino78 (Options: AD)
Nov 10, 2023

Most Cost Effective...

ftaws
Jan 22, 2024

The problem did not say how many VPC. @@@

TonytheTiger (Options: BD)
Mar 15, 2024

Option BC & NOT C - The MOST cost effective option: AWS Site-to-Site VPN connection pricing still applies in addition to AWS Transit Gateway VPN attachment pricing. So you will have additional cost with both options: https://aws.amazon.com/transit-gateway/pricing/

YOUSSEFSWAID
May 4, 2024

If you have one VPC, why do you need to share the subnets?

bacharbhouri
May 23, 2024

Selected Answer: BE. Why is nobody considering Direct Connect? It is cheaper than Site-to-Site VPN.

bacharbhouri
May 23, 2024

The ask here is for the most cost-effective choice.

gfhbox0083
Jul 10, 2024

B, D for sure. No need for a TGW