Topic 1 Question 97
A software-as-a-service (SaaS) company is migrating its private SaaS application to AWS. The company has hundreds of customers that connect to multiple data centers by using VPN tunnels. As the number of customers has grown, the company has experienced more difficulty in its effort to manage routing and segmentation of customers with complex NAT rules.
After the migration to AWS is complete, the company's AWS customers must be able to access the SaaS application directly from their VPCs. Meanwhile, the company's on-premises customers still must be able to connect through IPsec encrypted tunnels.
Which solution will meet these requirements?
A. Connect the AWS customer VPCs to a shared transit gateway. Use AWS Site-to-Site VPN connections to the transit gateway for the on-premises customers.
B. Use AWS PrivateLink to connect the AWS customers. Use a third-party routing appliance in the SaaS application VPC to terminate on-premises Site-to-Site VPN connections.
C. Peer each AWS customer's VPCs to the VPC that hosts the SaaS application. Create AWS Site-to-Site VPN connections on the SaaS VPC virtual private gateway.
D. Use Site-to-Site VPN tunnels to connect each AWS customer's VPCs to the VPC that hosts the SaaS application. Use AWS Site-to-Site VPN to connect the on-premises customers.
Comments (7)
- Selected answer: B
You don't want to mess with customer's AWS VPC, whether via VPC peering or Transit gateway. The standard solution is always VPC endpoint with AWS PrivateLink.
👍 9 lygf 2023/06/16

Should be A
👍 4 Training 2023/06/16

B is correct. There is an adjustable limit of 50 with s2s VPN connections and customer gateways per Region. https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-limits.html PrivateLink for connecting from customer's VPC and third-party appliances for multiple s2s VPN connections with customers' data centers seems to be the best solution.
👍 3 trap 2023/06/24