AWS Certified Solutions Architect - Associate / Question #1467 of 1019

Question #1467

A company has two VPCs named Development and Testing. The Development VPC uses a virtual private gateway with two AWS Direct Connect connections to link to an on-premises data center. The Testing VPC relies on a VPN connection through a single customer gateway device. The Development and Testing VPCs are interconnected via a single VPC peering connection to facilitate communication between their respective applications.

What should a solutions architect recommend to eliminate any single point of failure in this architecture?

A

Establish an additional VPN connection between the Development and Testing VPCs.

B

Deploy a second virtual private gateway and attach it to the Testing VPC.

C

Implement a second VPN connection for the Testing VPC using another customer gateway device.

D

Create a second VPC peering connection between the Development and Testing VPCs.

Explanation

On the Testing VPC's path to the data center, the single customer gateway device is the only single point of failure: the AWS side of a Site-to-Site VPN connection is already redundant, with two tunnels terminating on the virtual private gateway. Option C adds a second VPN connection that terminates on a second customer gateway device, so the loss of either device (or either VPN connection) no longer isolates the Testing VPC from the data center.

Other options are incorrect because:
- A: The peering connection is neither a single device nor a single link and is not a single point of failure; a VPN between the two VPCs would only add a slower path and does nothing about the Testing VPC's reliance on one customer gateway device.
- B: The Testing VPC's VPN already terminates on a virtual private gateway on the AWS side, and a VPC can have only one virtual private gateway attached at a time. The AWS side of the VPN is already redundant, so a second virtual private gateway is neither possible nor useful here.
- D: AWS allows only one active peering connection between the same pair of VPCs, and peering does not need a second one for availability; it also does nothing for the VPN redundancy problem.

Key Points:
1. Each Site-to-Site VPN connection already has two tunnels on the AWS side; redundancy on the on-premises side requires a second customer gateway device with its own VPN connection to the same virtual private gateway.
2. VPC peering is not a single point of failure, and AWS does not support more than one active peering connection between the same two VPCs.
3. The Development VPC already has two Direct Connect connections, so its on-premises link is not the single point of failure in this scenario.
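As an added illustration (not part of the original question or its explanation), the following script shows the check an architect would run to confirm that the "before" and "after" states differ in the way option C intends. It consumes the JSON shapes returned by `aws ec2 describe-vpn-connections` (VpnConnections with VpnGatewayId, CustomerGatewayId, State, VgwTelemetry) and `aws ec2 describe-customer-gateways` (CustomerGateways with CustomerGatewayId, IpAddress); all gateway IDs, tunnel addresses and on-premises addresses below are constructed sample data, not real resources. It also covers the trap the question hints at: two VPN connections that both land on the same on-premises device are still a single point of failure.

```python
"""Audit AWS Site-to-Site VPN redundancy from describe-* output.

Added example, not code from the original question page. Field names follow
`aws ec2 describe-vpn-connections` and `aws ec2 describe-customer-gateways`;
every ID and IP address in the sample data is constructed.
"""
from collections import defaultdict


def _vpn(vpn_id, cgw_id, outside_ips, vgw_id="vgw-0test"):
    # Helper: one VPN connection record with its two AWS-side tunnels.
    return {
        "VpnConnectionId": vpn_id,
        "VpnGatewayId": vgw_id,
        "CustomerGatewayId": cgw_id,
        "State": "available",
        "VgwTelemetry": [{"OutsideIpAddress": ip, "Status": "UP"} for ip in outside_ips],
    }


# Constructed "before" state: one customer gateway device serves the Testing VPC.
BEFORE = {
    "vpn_connections": [_vpn("vpn-0aaa", "cgw-0one", ["203.0.113.10", "203.0.113.11"])],
    "customer_gateways": [{"CustomerGatewayId": "cgw-0one", "IpAddress": "198.51.100.1"}],
}

# Constructed "after" state (option C): a second VPN connection to the same
# virtual private gateway, terminated on a second on-premises device.
AFTER = {
    "vpn_connections": BEFORE["vpn_connections"]
    + [_vpn("vpn-0bbb", "cgw-0two", ["203.0.113.20", "203.0.113.21"])],
    "customer_gateways": BEFORE["customer_gateways"]
    + [{"CustomerGatewayId": "cgw-0two", "IpAddress": "198.51.100.2"}],
}

# Constructed trap: two VPN connections and two customer gateway resources,
# but both resources point at the same on-premises IP, i.e. the same device.
SAME_DEVICE = {
    "vpn_connections": AFTER["vpn_connections"],
    "customer_gateways": BEFORE["customer_gateways"]
    + [{"CustomerGatewayId": "cgw-0two", "IpAddress": "198.51.100.1"}],
}


def audit_vpn_redundancy(data):
    """Group available VPN connections by virtual private gateway and report
    whether the on-premises side has at least two distinct devices."""
    cgw_ip = {c["CustomerGatewayId"]: c["IpAddress"] for c in data["customer_gateways"]}
    by_vgw = defaultdict(list)
    for conn in data["vpn_connections"]:
        # Connections attached to a transit gateway carry no VpnGatewayId
        # and are out of scope for this VGW-centric check.
        if conn.get("State") == "available" and conn.get("VpnGatewayId"):
            by_vgw[conn["VpnGatewayId"]].append(conn)

    reports = {}
    for vgw_id, conns in by_vgw.items():
        # Distinct public IPs identify distinct on-premises devices; two
        # customer gateway resources with the same IP are still one device.
        device_ips = {cgw_ip.get(c["CustomerGatewayId"], "?") for c in conns}
        tunnels_up = sum(
            1 for c in conns for t in c.get("VgwTelemetry", []) if t.get("Status") == "UP"
        )
        findings = []
        if len(conns) < 2:
            findings.append("only one VPN connection terminates on this VGW")
        if len(device_ips) < 2:
            findings.append("all VPN connections land on one customer gateway device (SPOF)")
        reports[vgw_id] = {
            "vpn_connections": len(conns),
            "customer_devices": len(device_ips),
            "tunnels_up": tunnels_up,
            "redundant": len(device_ips) >= 2,
            "findings": findings,
        }
    return reports


if __name__ == "__main__":
    for name, data in (("before", BEFORE), ("after", AFTER), ("same device", SAME_DEVICE)):
        print(name, audit_vpn_redundancy(data))
```

Against live data, feed the script the output of the two describe calls for the region in question; the "before" state reports one customer device and a SPOF finding, the "after" state reports two devices and four tunnels up with no findings, and the same-device trap still reports a SPOF despite two VPN connections.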

Answer

The correct answer is: C