SAP-C01 Exam - Question 923


A company has set up a multi-account AWS environment by using AWS Control Tower. Each AWS account that AWS Control Tower creates has its own VPC.

The company is developing an application that will integrate with many microservices. The company has designated a specific account to host the application. The company will deploy the microservices on Amazon EC2 instances and will implement the microservices across multiple AWS accounts.

The microservices require a high degree of interconnectivity. The company needs a solution that will give the application the ability to communicate privately with the microservices. The solution also must minimize cost and operational overhead.

Which solution will meet these requirements?

Correct Answer: C

The company requires a solution that enables private communication between the application and the microservices across multiple AWS accounts while minimizing cost and operational overhead. AWS VPN CloudHub and VPC peering would typically involve higher costs and more complex configuration. The option to share a VPC through AWS Resource Access Manager (AWS RAM) is described inaccurately, because AWS RAM can only share subnets, not entire VPCs. The optimal solution is to create a transit gateway in the application account and attach the application VPC and all the other VPCs to it. This setup provides scalable communication across all VPCs with centralized management, which keeps operational overhead and cost low. A transit gateway therefore meets the stated requirements.

Discussion

17 comments
wassb (Option: C)
Oct 17, 2022

You cannot share a VPC but subnets of the VPC. I will go for C

Rocketeer
Sep 9, 2022

I think D - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html

Rocketeer
Nov 7, 2022

Changing to B. VPC peering is cheaper than transit gateway.

Rocketeer
Nov 7, 2022

Could not edit my response. If we see from cost perspective, option D is still the cheapest. Hence I am leaning back to D.

SureNot (Option: C)
Dec 3, 2022

The microservices require a high degree of interconnectivity. C - fits well. B - VPC Peering is not transitive. D - you can't share VPC, only subnets.

masetromain (Option: C)
Jan 12, 2023

C. Create a transit gateway in the application account. Attach the application VPC and all the other VPCs to the transit gateway. Create a transit gateway route table to direct traffic between the VPCs. This solution would allow for communication between the application VPC and all other VPCs, providing the necessary interconnectivity for the microservices. Additionally, using a transit gateway would minimize cost and operational overhead, as it allows for central management of network traffic flow and eliminates the need for a separate VPN connection or VPC peering connection for each VPC.

zozza2023 (Option: C)
Jan 29, 2023

I will go for C

SkyZeroZx (Option: D)
Jul 10, 2023

https://aws.amazon.com/es/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

vn_thanhtung
Aug 29, 2023

RAM can not share VPC

ggrodskiy
Jul 18, 2023

Correct C.

mrgreatness
Nov 11, 2022

I'm going D because there is an AWS blog about this and a lot of exam questions are formed from blogs written by SAs. D works and is the cheaper option. So will go for D

alnadan (Option: D)
Nov 11, 2022

D. Please read this: https://aws.amazon.com/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

Koloseum198020
Nov 13, 2022

https://aws.amazon.com/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

SureNot (Option: B)
Nov 25, 2022

Why not B??? The cheap and simple option

zozza2023
Jan 29, 2023

Can't be D as we can't share a VPC (we share subnets)

andras
Mar 3, 2023

Technically we share subnets... but according to AWS terminology: "Share your VPC with other accounts" https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html

andras
Mar 3, 2023

And one more: "You can share non-default subnets with other accounts within your organization."

dev112233xx (Option: D)
Apr 29, 2023

D is 100% the solution and it also has no costs. No need to use TGW or Peering.

yama234
May 8, 2023

D. Keyword is "a high degree of interconnectivity". Network Load Balancers in a shared VPC (using AWS RAM) is the solution. https://aws.amazon.com/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

3a632a3 (Option: D)
Jan 8, 2024

Read the blog that others have posted, it covers every requirement and explains how the other options are more costly. https://aws.amazon.com/es/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

marszalekm
Jan 25, 2024

This is a bit tricky, depends what the author of the question had in mind, but generally you cannot share the VPC itself, you can share subnets. https://repost.aws/knowledge-center/vpc-share-subnet-with-another-account At the same time AWS uses the phrase "share VPC" https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html I love such questions :)

WhyIronMan (Option: D)
Jul 14, 2024

D. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html