Topic 1 Question 42
A company is migrating its containerized application to AWS. For the architecture, the company will have an ingress VPC with a Network Load Balancer (NLB) to distribute the traffic to front-end pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The front end of the application will determine which user is requesting access and will send traffic to 1 of 10 services VPCs. Each services VPC will include an NLB that distributes traffic to the services pods in an EKS cluster. The company is concerned about overall cost. User traffic will be responsible for more than 10 TB of data transfer from the ingress VPC to services VPCs every month. A network engineer needs to recommend how to design the communication between the VPCs. Which solution will meet these requirements at the LOWEST cost?
A. Create a transit gateway. Peer each VPC to the transit gateway. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs.
B. Create an AWS PrivateLink endpoint in every Availability Zone in the ingress VPC. Each PrivateLink endpoint will point to the zonal DNS entry of the NLB in the services VPCs.
C. Create a VPC peering connection between the ingress VPC and each of the 10 services VPCs. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs.
D. Create a transit gateway. Peer each VPC to the transit gateway. Turn off cross-AZ load balancing on the transit gateway. Use Regional DNS names for the NLB in the services VPCs.
Comments (9)
- Selected answer: C
C - seems the right one.
VPC peering offers the lowest overall cost when compared to other options for inter-VPC connectivity. https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/vpc-to-vpc-connectivity.html
There is no such thing as "TG peering"; there are VPC peering and TG attachments.
👍 5 titi_r 2023/03/26
VPC cannot be peered but attached to Transit Gateway (Either it can be VPC peering or Transit Gateway peering). Additionally, Transit Gateway has its own cost including hourly cost of attachment + Data transfer. PrivateLink resolves the cost problem of high volume of data transfer & is an easy way for ingress VPC to route traffic based on Endpoint service exposed. Also, minimizing cross-AZ traffic by using zonal DNS names for the NLB is addressed in this scenario. It should be Option B)
👍 3 study_aws1 2023/03/21
- Selected answer: C
Considering cost, C is the ideal solution
👍 3 ITgeek 2023/04/03