Transit gateway attachment configuration

0

A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.

Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

A. Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).

B. Configure attachments to all VPCs and VPNs.

C. Setup transit gateway route tables. Associate the VPCs and VPNs with the route tables.

D. Configure VPC peering between the VPCs.

E. Configure attachments between the VPCs and VPNs.

F. Setup route tables on the VPCs and VPNs.

Isaac
asked 9 days ago49 views
3 Answers
3
Accepted Answer

Hello.

To achieve connectivity between on-premises networks and AWS accounts, while controlling communication between VPCs with minimal operational effort.

A. Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).

  • Creating a single transit gateway allows you to centralize the connection between your VPCs and on-premises network. Sharing the transit gateway across multiple AWS accounts using AWS RAM simplifies the process of connecting VPCs across accounts.

B. Configure attachments to all VPCs and VPNs.

  • After creating the transit gateway, you need to attach the VPCs and Site-to-Site VPN connections to the transit gateway. This enables communication between your on-premises network and the VPCs.

C. Setup transit gateway route tables. Associate the VPCs and VPNs with the route tables.

  • Transit gateway route tables allow you to control the routing between VPCs and on-premises networks. By associating specific VPCs and VPNs with appropriate route tables, you can control which VPCs can communicate with each other and with your on-premises network.

https://000020.awsstudygroup.com/4-transigatewayattachments/

https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html

https://docs.aws.amazon.com/vpc/latest/peering/working-with-vpc-peering.html

EXPERT
answered 9 days ago
profile picture
EXPERT
reviewed 9 days ago
profile picture
EXPERT
Sandeep
reviewed 9 days ago
1

Hello.

I thought that options A, B, and C were correct.
VPC peering cannot connect hundreds of VPCs due to quota limitations.
A maximum of 125 VPC peerings can be configured in one VPC.
Also, I think options E and F are wrong choices because they probably explain a single Site to Site VPN.
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-connection-quotas.html

profile picture
EXPERT
answered 9 days ago
profile picture
EXPERT
reviewed 9 days ago
profile pictureAWS
EXPERT
reviewed 9 days ago
0

hello...isaac

To connect your on-premises network to your VPCs with the least operational effort and to control VPC communication, the best combination of steps would be:

1. Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).

2. Configure attachments to all VPCs and VPNs.

3. Setup transit gateway route tables. Associate the VPCs and VPNs with the route tables.

These steps allow centralized routing and control over which VPCs can communicate, avoiding the complexity and limitations of VPC peering and individual VPC route tables.

https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-connection-quotas.html

profile picture
EXPERT
answered 9 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions