Question #1523
A company operates numerous VPCs across hundreds of AWS accounts within the us-west-2 region. The network administration team has a dedicated AWS account to oversee all network infrastructure. What is the MOST operationally efficient method to enable private communication between these VPCs?
Establish VPC peering connections between every pair of VPCs and update route tables accordingly.
Implement internet gateways in each VPC and route traffic through the public internet with encryption.
Create an AWS Transit Gateway in the network team's account and attach each VPC to it, propagating routes dynamically.
Deploy AWS VPN connections from each VPC to a central virtual appliance in the network team's account.
Explanation
Option C is correct because AWS Transit Gateway simplifies private communication across hundreds of VPCs and accounts by acting as a centralized hub. It allows VPCs to attach to the Transit Gateway, dynamically propagating routes without manual configuration. This approach scales efficiently and reduces administrative overhead.
Why other options are incorrect:
- A: VPC peering requires creating a full mesh of connections (n*(n-1)/2), which is impractical for hundreds of VPCs.
- B: Using public internet with encryption exposes traffic to external risks and adds latency, contradicting the requirement for private communication.
- D: VPN connections to a central appliance are operationally intensive to manage at scale and rely on third-party virtual appliances, unlike the fully managed Transit Gateway.
Key Points:
- Transit Gateway supports cross-account VPC attachments and dynamic routing.
- It eliminates the need for complex peering relationships or VPNs.
- Centralized management aligns with the network team's dedicated account structure.
Answer
The correct answer is: C