AWS Certified Solutions Architect - Professional / Question #869

Question #869

A company manages an on-premises data center and multiple AWS accounts within AWS Organizations, each containing numerous VPCs. Existing AWS Site-to-Site VPN connections are configured in one account to link to the on-premises network. The company now needs to ensure only specific VPCs can communicate with each other across accounts while minimizing administrative overhead.

Which combination of steps will achieve this goal with the LEAST operational effort? (Choose three.)

A

Create a transit gateway in a central AWS account and share it with other accounts using AWS Resource Access Manager (AWS RAM).

B

Attach all relevant VPCs and VPN connections to the transit gateway.

C

Create and configure transit gateway route tables to manage traffic flow between attached VPCs and VPNs.

D

Establish VPC peering connections between all required VPC pairs.

E

Configure direct attachments between individual VPCs and VPN connections without a transit gateway.

F

Modify route tables in each VPC to manually define allowed communication paths.

Explanation

The correct answers are A, B, and C. Here's why:

- A: A transit gateway is a regional hub that can hold a large number of VPC and VPN attachments. Sharing it through AWS RAM (with the whole organization, an OU, or individual accounts) lets each member account create attachments to the central gateway from its own VPCs, while the gateway and its route tables stay under the network account's control. Nothing has to be rebuilt per account, which is what keeps the operational effort low.
- B: Each account attaches its VPCs to the shared transit gateway. A VPC attachment created from another account stays in a pending state until the gateway owner accepts it (unless auto-accept is enabled on the gateway), so the owner keeps a veto over what joins the hub. VPN attachments can only be created from the account that owns the transit gateway, so either place the gateway in the account that already holds the Site-to-Site VPN connections, or retarget those connections from their virtual private gateway to the transit gateway (ModifyVpnConnection supports changing the target gateway). Once VPCs and VPNs all hang off one hub, no per-pair connectivity is needed.
- C: Segmentation is expressed in transit gateway route tables, not in each VPC. Every attachment is associated with exactly one transit gateway route table, and that table decides where traffic entering the gateway from the attachment may go; propagations and static routes populate it, and a static blackhole route drops traffic to a prefix. Attachments that are allowed to talk share a route table that carries each other's prefixes; an isolated VPC gets a table that carries only the prefixes it needs (for example the on-premises ranges). Because each table only governs one direction, the return path must exist in the destination attachment's table too, or the flow is one-way.

Why other options are incorrect:
- D: VPC peering is point-to-point and non-transitive: every allowed pair needs its own peering connection plus routes in both VPCs, the number of connections grows with the square of the VPC count, and a peered VPC cannot reach the on-premises network through another VPC's VPN.
- E: A Site-to-Site VPN connection terminates on exactly one gateway. Without a transit gateway, each VPC would need its own virtual private gateway and its own tunnels to the data center, with no transit between VPCs and no central point of control.
- F: VPC route tables only steer traffic toward the transit gateway attachment (each VPC still needs such a route for the remote prefixes); which VPC may reach which cannot be expressed there centrally across accounts, and maintaining those routes by hand in every VPC and account is error-prone and time-consuming.

Key Points:
- Use a transit gateway shared through AWS RAM for cross-account VPC and VPN connectivity.
- Transit gateway route tables (associations, propagations, static and blackhole routes) control which attachments can reach which prefixes; verify both directions of every allowed flow.
- Avoid per-pair peering and hand-maintained per-VPC routing to reduce overhead.
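The following is an added Python example written for this page, not code from the original page or from AWS, and it calls no AWS API. It models steps B and C above: attachments (with the cross-account acceptance state), route-table associations, propagations, static blackhole routes and longest-prefix lookup, and then answers the question a practitioner actually needs answered before trusting a segmentation design: can attachment A reach attachment B, and does B have a return path? The account IDs, attachment IDs, route-table IDs and CIDRs are constructed for the example.

```python
"""Constructed model of Transit Gateway route-table segmentation. Added example,
not the page's or AWS's code; every ID and CIDR is made up. Rules modelled: one
route-table association per attachment, propagations and static routes fill a
table, longest prefix wins, "blackhole" drops, and a cross-account VPC
attachment is unusable until the gateway owner accepts it."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Attachment:
    att_id: str
    kind: str                 # "vpc" or "vpn"
    owner: str                # account that created the attachment
    cidrs: list               # prefixes reachable behind the attachment
    state: str = "available"  # or "pendingAcceptance"


class TransitGateway:
    def __init__(self, owner, auto_accept=False):
        self.owner, self.auto_accept = owner, auto_accept
        self.attachments = {}   # att_id -> Attachment
        self.route_tables = {}  # rtb_id -> {ip_network: att_id or "blackhole"}
        self.association = {}   # att_id -> rtb_id (exactly one per attachment)

    def attach(self, att):
        # VPC attachments from other accounts wait for the owner unless auto-accept is on
        if att.kind == "vpc" and att.owner != self.owner and not self.auto_accept:
            att.state = "pendingAcceptance"
        self.attachments[att.att_id] = att

    def accept(self, att_id):
        self.attachments[att_id].state = "available"

    def associate(self, att_id, rtb_id):
        self.association[att_id] = rtb_id  # re-associating replaces the old table

    def propagate(self, att_id, rtb_id):
        table = self.route_tables.setdefault(rtb_id, {})
        for cidr in self.attachments[att_id].cidrs:
            table[ipaddress.ip_network(cidr)] = att_id

    def add_static_route(self, rtb_id, cidr, target):
        self.route_tables.setdefault(rtb_id, {})[ipaddress.ip_network(cidr)] = target

    def lookup(self, rtb_id, dst_ip):
        ip = ipaddress.ip_address(dst_ip)
        hits = [(n.prefixlen, t) for n, t in self.route_tables.get(rtb_id, {}).items() if ip in n]
        if not hits:
            return None
        target = max(hits)[1]  # longest prefix wins
        return None if target == "blackhole" else target

    def next_hop(self, src_att, dst_ip):
        """Attachment that traffic entering from src_att is sent to, or None if dropped."""
        src = self.attachments[src_att]
        if src.state != "available" or src_att not in self.association:
            return None
        hop = self.lookup(self.association[src_att], dst_ip)
        if hop is not None and self.attachments[hop].state != "available":
            return None
        return hop

    def reachability(self, att_a, ip_a, att_b, ip_b):
        """'bidirectional', 'a->b only', 'b->a only' or 'none' between hosts ip_a and ip_b."""
        fwd = self.next_hop(att_a, ip_b) == att_b
        rev = self.next_hop(att_b, ip_a) == att_a
        return {(True, True): "bidirectional", (True, False): "a->b only",
                (False, True): "b->a only", (False, False): "none"}[(fwd, rev)]


def build_example():
    # Three route tables: shared VPCs, an isolated VPC, and the on-prem VPN (all constructed)
    tgw = TransitGateway(owner="111111111111")  # central network account
    tgw.attach(Attachment("tgw-attach-shared-a", "vpc", "222222222222", ["10.1.0.0/16"]))
    tgw.attach(Attachment("tgw-attach-shared-b", "vpc", "333333333333", ["10.2.0.0/16"]))
    tgw.attach(Attachment("tgw-attach-isolated", "vpc", "444444444444", ["10.3.0.0/16"]))
    tgw.attach(Attachment("tgw-attach-vpn", "vpn", "111111111111", ["192.168.0.0/16"]))
    for att_id in ("tgw-attach-shared-a", "tgw-attach-shared-b", "tgw-attach-isolated"):
        tgw.accept(att_id)  # owner accepts the cross-account VPC attachments
    # Shared VPCs may reach each other and on-prem
    tgw.associate("tgw-attach-shared-a", "tgw-rtb-shared")
    tgw.associate("tgw-attach-shared-b", "tgw-rtb-shared")
    for src in ("tgw-attach-shared-a", "tgw-attach-shared-b", "tgw-attach-vpn"):
        tgw.propagate(src, "tgw-rtb-shared")
    # Isolated VPC may reach on-prem only
    tgw.associate("tgw-attach-isolated", "tgw-rtb-isolated")
    tgw.propagate("tgw-attach-vpn", "tgw-rtb-isolated")
    # On-prem may reach every VPC (this is also the isolated VPC's return path)
    tgw.associate("tgw-attach-vpn", "tgw-rtb-vpn")
    for src in ("tgw-attach-shared-a", "tgw-attach-shared-b", "tgw-attach-isolated"):
        tgw.propagate(src, "tgw-rtb-vpn")
    # Static blackhole: a /24 more specific than the propagated /16 wins the lookup
    tgw.add_static_route("tgw-rtb-shared", "10.2.5.0/24", "blackhole")
    return tgw


if __name__ == "__main__":
    tgw = build_example()
    print(tgw.reachability("tgw-attach-shared-a", "10.1.0.10", "tgw-attach-shared-b", "10.2.5.10"))
```

With this layout the two shared VPCs reach each other except for the blackholed subnet (reported as one-way, since only the shared table carries the blackhole), the isolated VPC and on-prem reach each other in both directions, and the isolated VPC cannot reach either shared VPC. The same checks map onto the real control plane: SearchTransitGatewayRoutes for the lookup, GetTransitGatewayRouteTableAssociations for which table an attachment uses, and DescribeTransitGatewayAttachments for the acceptance state. The model stops at the transit gateway: each VPC's own route table still needs a route for the remote prefixes pointing at its attachment, and security groups and network ACLs apply on top.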

Answer

The correct answer is: ABC