Exam SAP-C01
Question 923

A company has set up a multi-account AWS environment by using AWS Control Tower. Each AWS account that AWS Control Tower creates has its own VPC.

The company is developing an application that will integrate with many microservices. The company has designated a specific account to host the application. The company will deploy the microservices on Amazon EC2 instances and will implement the microservices across multiple AWS accounts.

The microservices require a high degree of interconnectivity. The company needs a solution that will give the application the ability to communicate privately with the microservices. The solution also must minimize cost and operational overhead.

Which solution will meet these requirements?

    Correct Answer: C

    The company needs private communication between the application and microservices whose VPCs live in many AWS accounts, with the lowest cost and operational overhead. A hub of Site-to-Site VPN connections with AWS VPN CloudHub adds per-connection charges and tunnel management for traffic that never leaves AWS, and VPC peering is not transitive, so a full mesh of peering connections would have to be created and accepted pairwise and every VPC route table maintained by hand as the number of microservice VPCs grows. The VPC-sharing option is the one the answer key rejects: AWS Resource Access Manager (AWS RAM) does not share the VPC object itself, only individual subnets of it (the AWS documentation nevertheless calls this arrangement "VPC sharing", which is why the discussion below is split). The expected solution is to create a transit gateway in the application account, share it with the other accounts through AWS RAM, attach the application VPC and every microservice VPC to it, and direct traffic between the VPCs with a transit gateway route table. One hub gives transitive, any-to-any connectivity with a single place to accept attachments and manage routes, which is what keeps operational overhead low as VPCs are added. A practitioner should note that a transit gateway is billed per attachment-hour and per GB processed, so the cost argument rests on avoiding per-VPC VPN and peering management rather than on the transit gateway being free.
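The architecture described in the answer above, as an added example that is not from the exam page or from AWS: Terraform for a transit gateway hub in the application account, shared through AWS RAM to one microservice account, with attachments placed on an explicit route table. The region, account ID, VPC, subnet and route table IDs and the CIDR are placeholders; the hub keeps auto-accept off so the application account reviews every attachment before it can route.

```hcl
# Added example (not from the exam page or AWS): transit gateway hub in the
# application account, shared to a microservice account with AWS RAM.
# Account IDs, VPC/subnet/route-table IDs and CIDRs are placeholders.

provider "aws" {
  alias  = "app"   # application (hub) account
  region = "us-east-1"
}

provider "aws" {
  alias  = "svc"   # one of the microservice accounts
  region = "us-east-1"
}

# Hub: default association/propagation disabled so each attachment is placed on
# the route table deliberately; shared-account attachments are not auto-accepted.
resource "aws_ec2_transit_gateway" "hub" {
  provider                        = aws.app
  description                     = "application hub"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  auto_accept_shared_attachments  = "disable"
}

resource "aws_ec2_transit_gateway_route_table" "main" {
  provider           = aws.app
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

# Share the transit gateway (not the VPCs) with the microservice account;
# allow_external_principals = false keeps the share inside the organization.
resource "aws_ram_resource_share" "tgw" {
  provider                  = aws.app
  name                      = "application-transit-gateway"
  allow_external_principals = false
}

resource "aws_ram_resource_association" "tgw" {
  provider           = aws.app
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

resource "aws_ram_principal_association" "svc" {
  provider           = aws.app
  principal          = "222222222222"   # placeholder microservice account ID
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

# Application VPC attachment, created and owned by the hub account.
resource "aws_ec2_transit_gateway_vpc_attachment" "app" {
  provider                                        = aws.app
  transit_gateway_id                              = aws_ec2_transit_gateway.hub.id
  vpc_id                                          = "vpc-0aaaaaaaaaaaaaaaa"        # placeholder
  subnet_ids                                      = ["subnet-0aaaaaaaaaaaaaaaa"]   # placeholder
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Microservice VPC attachment, created from the microservice account against the
# shared transit gateway; it stays pending until the hub account accepts it.
resource "aws_ec2_transit_gateway_vpc_attachment" "svc" {
  provider           = aws.svc
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-0bbbbbbbbbbbbbbbb"        # placeholder
  subnet_ids         = ["subnet-0bbbbbbbbbbbbbbbb"]   # placeholder
  depends_on         = [aws_ram_principal_association.svc]
}

resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "svc" {
  provider                                        = aws.app
  transit_gateway_attachment_id                   = aws_ec2_transit_gateway_vpc_attachment.svc.id
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Both attachments go on the explicit route table and propagate their VPC CIDRs,
# which is what gives any-to-any routing through the hub.
locals {
  attachments = {
    app = aws_ec2_transit_gateway_vpc_attachment.app.id
    svc = aws_ec2_transit_gateway_vpc_attachment_accepter.svc.id
  }
}

resource "aws_ec2_transit_gateway_route_table_association" "this" {
  for_each                       = local.attachments
  provider                       = aws.app
  transit_gateway_attachment_id  = each.value
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
  for_each                       = local.attachments
  provider                       = aws.app
  transit_gateway_attachment_id  = each.value
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.main.id
}

# Each VPC's own route table still needs a route toward the hub (application
# side shown; the microservice account adds the mirror image for 10.0.0.0/16).
resource "aws_route" "app_to_svc" {
  provider               = aws.app
  route_table_id         = "rtb-0aaaaaaaaaaaaaaaa"   # placeholder
  destination_cidr_block = "10.1.0.0/16"             # placeholder microservice VPC CIDR
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
}
```

Adding a further microservice account means one more principal association, one attachment from that account, one accepter and two more entries in the `attachments` map; no per-pair peering or VPN work. Turning on propagation for every attachment gives the "high degree of interconnectivity" the question asks for; if some microservice VPCs must not reach each other, use separate transit gateway route tables and propagate selectively instead of relying on security groups alone.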

Discussion
wassb (Option: C)

You cannot share a VPC, only subnets of the VPC. I will go for C.

Rocketeer

I think D - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html

Rocketeer

Changing to B. VPC peering is cheaper than transit gateway.

Rocketeer

Could not edit my response. If we look at it from a cost perspective, option D is still the cheapest. Hence I am leaning back to D.

ggrodskiy

Correct C.

SkyZeroZx (Option: D)

https://aws.amazon.com/es/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

vn_thanhtung

RAM cannot share a VPC.

zozza2023 (Option: C)

I will go for C.

masetromain (Option: C)

C. Create a transit gateway in the application account. Attach the application VPC and all the other VPCs to the transit gateway. Create a transit gateway route table to direct traffic between the VPCs. This solution would allow for communication between the application VPC and all other VPCs, providing the necessary interconnectivity for the microservices. Additionally, using a transit gateway would minimize cost and operational overhead, as it allows for central management of network traffic flow and eliminates the need for a separate VPN connection or VPC peering connection for each VPC.

SureNot (Option: C)

The microservices require a high degree of interconnectivity. C fits well. B: VPC peering is not transitive. D: you can't share a VPC, only subnets.

WhyIronMan (Option: D)

D https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html

3a632a3 (Option: D)

Read the blog that others have posted; it covers every requirement and explains how the other options are more costly. https://aws.amazon.com/es/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

marszalekm

This is a bit tricky; it depends on what the author of the question had in mind, but generally you cannot share the VPC itself, you can share subnets. https://repost.aws/knowledge-center/vpc-share-subnet-with-another-account At the same time AWS uses the phrase "share VPC": https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html I love such questions :)

yama234

D. The keyword is "a high degree of interconnectivity". Network Load Balancers in a shared VPC (using AWS RAM) is the solution. https://aws.amazon.com/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

dev112233xx (Option: D)

D is 100% the solution, and it also has no costs. No need to use TGW or peering.

andras

Technically we share subnets... but according to AWS terminology: "Share your VPC with other accounts" https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html

andras

And one more: "You can share non-default subnets with other accounts within your organization."
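What AWS RAM actually shares in the "VPC sharing" the posts above link to, as an added example that is not from the exam page or from the linked AWS blog: the resource placed in the share is a subnet ARN, the VPC stays owned and administered by the application account, and a participant account launches its microservice instance into the shared subnet by ID with a security group of its own. Account IDs, region, AMI and CIDRs are placeholders.

```hcl
# Added example (not from the exam page or the linked AWS blog): VPC sharing.
# The owner account shares one subnet with AWS RAM; a participant account
# launches into it. Account ID, AMI and CIDRs are placeholders.

provider "aws" {
  alias  = "owner"        # application account that owns the VPC
  region = "us-east-1"
}

provider "aws" {
  alias  = "participant"  # microservice account
  region = "us-east-1"
}

resource "aws_vpc" "shared" {
  provider   = aws.owner
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "svc_a" {
  provider          = aws.owner
  vpc_id            = aws_vpc.shared.id
  cidr_block        = "10.0.10.0/24"
  availability_zone = "us-east-1a"
}

# The share carries subnet ARNs. A VPC is not a shareable RAM resource type,
# so aws_vpc.shared.arn could not be associated here.
resource "aws_ram_resource_share" "subnets" {
  provider                  = aws.owner
  name                      = "microservice-subnets"
  allow_external_principals = false   # organization members only
}

resource "aws_ram_resource_association" "svc_a" {
  provider           = aws.owner
  resource_arn       = aws_subnet.svc_a.arn
  resource_share_arn = aws_ram_resource_share.subnets.arn
}

resource "aws_ram_principal_association" "participant" {
  provider           = aws.owner
  principal          = "222222222222"   # placeholder participant account ID
  resource_share_arn = aws_ram_resource_share.subnets.arn
}

# Participant side: its own security group inside the shared VPC and an instance
# in the shared subnet. The VPC's route tables and network ACLs stay under the
# owner's control; the participant cannot modify them.
resource "aws_security_group" "svc" {
  provider = aws.participant
  name     = "orders-service"
  vpc_id   = aws_vpc.shared.id

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.shared.cidr_block]   # reachable only from inside the VPC
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "orders" {
  provider               = aws.participant
  ami                    = "ami-0123456789abcdef0"   # placeholder
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.svc_a.id
  vpc_security_group_ids = [aws_security_group.svc.id]
  depends_on             = [aws_ram_principal_association.participant]
}
```

Because every microservice then sits in one VPC, the application reaches them over the VPC's own routing with no peering, VPN or transit gateway hop; the trade-off is that subnet layout, route tables and network ACLs are decided by the owner account for everyone. The participant must be in the same organization with sharing enabled for AWS Organizations, otherwise it has to accept the share invitation (the `aws_ram_resource_share_accepter` resource) before the subnet becomes visible.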

zozza2023

Can't be D, as we can't share a VPC (we share subnets).

SureNot (Option: B)

Why not B??? The cheap and simple option.

Koloseum198020

https://aws.amazon.com/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

alnadan (Option: D)

D. Please read this: https://aws.amazon.com/blogs/architecture/using-vpc-sharing-for-a-cost-effective-multi-account-microservice-architecture/

mrgreatness

I'm going D because there is an AWS blog about this, and a lot of exam questions are formed from blogs written by SAs. D works and is the cheaper option. So I will go for D.