Question #1829
A company requires access to an Amazon RDS for PostgreSQL database hosted in a vendor's AWS account. The company's VPC lacks an internet gateway, AWS Direct Connect, and a Site-to-Site VPN connection. The vendor's VPC is similarly configured without these connectivity options. Which solution securely enables the company to access the vendor's database?
Instruct the vendor to establish an AWS Direct Connect Hosted Connection. Use VPC peering to link the company's VPC with the vendor's VPC.
Set up a Site-to-Site VPN connection between the company's VPC and the vendor's VPC. Use VPC peering to establish connectivity.
Direct the vendor to deploy a Network Load Balancer (NLB) in front of the RDS instance. Utilize AWS PrivateLink to connect the company's VPC to the vendor's VPC.
Use AWS Transit Gateway to interconnect both VPCs. Establish VPC peering between the company's VPC and the vendor's VPC.
Explanation
Option C is correct because AWS PrivateLink enables private connectivity between VPCs without exposing traffic to the public internet. The vendor deploys a Network Load Balancer (NLB) to front the RDS instance, and the company uses PrivateLink to create an endpoint in their VPC, allowing secure access to the database. This solution does not require internet gateways, VPNs, or Direct Connect, which aligns with the constraints of both VPCs.
Other options are incorrect:
- A: Direct Connect requires dedicated network infrastructure and is not available in the company's VPC.
- B: Site-to-Site VPN requires internet gateways or virtual private gateways, which are not present.
- D: Transit Gateway requires VPC attachments and routing configurations, which are not feasible without existing connectivity options.
Key Points:
1. PrivateLink provides secure, private VPC-to-VPC connectivity.
2. NLB + PrivateLink avoids public internet exposure.
3. No internet gateway, VPN, or Direct Connect is needed.
Answer
The correct answer is: C