AWS Certified Solutions Architect - Professional / Question #744 of 529

Question #744

A solutions architect is designing an AWS environment for an organization with multiple independent business units, each operating in separate AWS accounts within the same Region. The organization requires a VPC connected to their on-premises network, with total traffic not exceeding 50 Mbps. Which combination of steps provides the MOST cost-effective solution? (Choose two.)

A. Use AWS Direct Connect for on-premises connectivity and deploy separate VPCs in each account using AWS CloudFormation.

B. Create a VPC using AWS CloudFormation in a central account and share the subnets with other accounts via AWS Resource Access Manager.

C. Implement AWS Transit Gateway with an AWS Site-to-Site VPN connection and share the Transit Gateway across accounts using AWS Resource Access Manager.

D. Use AWS Site-to-Site VPN for connectivity to the on-premises network.

E. Provision a shared VPC in a central account, share it via AWS Resource Access Manager, and use AWS Direct Connect for on-premises connectivity.

Explanation

The organization requires a cost-effective solution for connecting multiple AWS accounts to an on-premises network with ≤50 Mbps traffic.

- Option B allows creating a central VPC and sharing its subnets across accounts via AWS Resource Access Manager (RAM), eliminating the need for separate VPCs per account. This reduces management overhead and costs.
- Option D uses AWS Site-to-Site VPN, which is cheaper than AWS Direct Connect for low-bandwidth requirements (≤50 Mbps). Direct Connect involves higher fixed costs for dedicated connections, making VPN more economical.

Why other options are incorrect:
- A: Direct Connect is overkill for ≤50 Mbps and raises cost; separate VPCs per account duplicate infrastructure that a single shared VPC avoids.
- C: Transit Gateway adds per-attachment and per-GB data processing charges, so it costs more than a shared VPC for this traffic level.
- E: Direct Connect is unnecessarily expensive for this use case.

Key Points:
1. Use Site-to-Site VPN for low-bandwidth, cost-sensitive on-premises connectivity.
2. Shared VPCs via RAM reduce infrastructure duplication and costs.
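The two chosen options expressed as one CloudFormation template, added here as an example (not part of the original question or any AWS sample): the central account owns the VPC, shares a subnet through RAM, and terminates a Site-to-Site VPN on a virtual private gateway. The account ID, on-premises IP and BGP ASN are constructed placeholders; participant accounts must belong to the same AWS Organization for subnet sharing to work.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  SharedVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  SharedSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref SharedVpc
      CidrBlock: 10.0.1.0/24
  # Option B: the owner account shares the subnet through RAM. Participants
  # launch resources into it but cannot alter the VPC, route tables or gateways.
  SubnetShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: shared-vpc-subnets
      AllowExternalPrincipals: false   # subnet sharing only works inside one Organization
      Principals:
        - "111111111111"               # constructed placeholder: member account ID
      ResourceArns:
        - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/${SharedSubnet}"
  # Option D: Site-to-Site VPN (two IPsec tunnels, BGP) in place of Direct Connect
  VirtualPrivateGateway:
    Type: AWS::EC2::VPNGateway
    Properties:
      Type: ipsec.1
  VgwAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref SharedVpc
      VpnGatewayId: !Ref VirtualPrivateGateway
  CustomerGateway:
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      BgpAsn: 65000                    # constructed placeholder: on-premises ASN
      IpAddress: 203.0.113.10          # constructed placeholder: on-premises VPN device
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    DependsOn: VgwAttachment
    Properties:
      Type: ipsec.1
      CustomerGatewayId: !Ref CustomerGateway
      VpnGatewayId: !Ref VirtualPrivateGateway
```

Because the owner account keeps control of route tables and network ACLs, it alone decides which shared subnets can reach the VPN; an AWS::EC2::VPNGatewayRoutePropagation resource (not shown) is still needed to propagate the on-premises BGP routes into the subnet's route table.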

Answer

The correct answer is: BD