Topic 1 Question 181
A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC, and all the VPCs in each OU are in the same AWS Region.
The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicate with VPCs in other OUs.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU. Provision the stack set in each OU.
B. In each OU, create a dedicated networking account that has a single VPC. Share this VPC with all the other accounts in the OU by using AWS Resource Access Manager (AWS RAM). Create a VPC peering connection between the networking account and each account in the OU.
C. Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager (AWS RAM). Create transit gateway VPC attachments for each VPC.
D. In each OU, create a dedicated networking account that has a single VPC. Establish a VPN connection between the networking account and the other accounts in the OU. Use third-party routing software to route transitive traffic between the VPCs.
Comments (15)
- Selected Answer: C
The solution that will meet the requirements with the least operational overhead is Option C. Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager (AWS RAM). Create transit gateway VPC attachments for each VPC.
This solution allows VPCs in the same OU to communicate with each other through the transit gateway while preventing communication with VPCs in other OUs. It also minimizes operational overhead by leveraging the transit gateway’s ability to route traffic between multiple VPCs and AWS RAM’s ability to share resources across accounts.
👍 4 OCHT 2023/04/23
- Selected Answer: C
Answer is C
👍 3 AzureBP 2023/04/22
- Selected Answer: C
A: CloudFormation StackSets are provisioned per account, not per OU.
B: Maximum VPC peering is 125 (hard limit).
C (Correct): Sharing the transit gateway. Yes, the TGW will be shared per OU, but routing between VPCs can be handled through the route tables.
D: Makes no sense, as it uses a third-party solution for something that can be done with AWS services.
👍 3 AMEJack 2023/05/07
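As an added worked example (written for this page, not taken from the question or from any commenter), the two CloudFormation templates below show what option C looks like in practice: one template per OU in a designated networking account that creates the transit gateway and shares it with the OU principal through AWS RAM, and one template rolled out to every member account of that OU with a StackSet that attaches the account's VPC and adds a route. Intra-OU reachability comes from the transit gateway's default route table (every attachment associates with it and propagates its CIDR); cross-OU isolation comes from each OU having its own transit gateway with no peering between them. The OU ARN, SSM parameter names, and the 10.0.0.0/8 summary block are placeholder assumptions; "Enable sharing with AWS Organizations" must already be turned on in AWS RAM from the management account.

```yaml
# --- Template 1: deployed ONCE in each OU's designated networking account ---
# Creates the OU-scoped transit gateway and shares it with the OU via RAM.
# Assumes RAM sharing with AWS Organizations is enabled; the OU ARN default
# below is a placeholder, not a real identifier.
AWSTemplateFormatVersion: "2010-09-09"
Description: Per-OU transit gateway, shared to the OU with AWS RAM (added example)

Parameters:
  OrgUnitArn:
    Type: String
    Description: ARN of the OU whose member accounts may attach (placeholder)
    Default: arn:aws:organizations::111111111111:ou/o-exampleorgid/ou-ab12-cdef3456

Resources:
  TransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      Description: !Sub "Transit gateway for ${OrgUnitArn}"
      # Every attachment lands in the single default route table and
      # propagates its VPC CIDR into it: any-to-any reachability inside the OU.
      DefaultRouteTableAssociation: enable
      DefaultRouteTablePropagation: enable
      # No manual acceptance for 100+ attachments. Only principals in the RAM
      # share (this OU) can attach, so the blast radius is bounded by the OU.
      AutoAcceptSharedAttachments: enable
      DnsSupport: enable
      Tags:
        - Key: Name
          Value: ou-transit-gateway

  TransitGatewayShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: ou-transit-gateway-share
      # Keep the share inside the organization; never allow external principals.
      AllowExternalPrincipals: false
      ResourceArns:
        - !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}
      # Sharing with the OU (not a list of account IDs) means accounts joining
      # the OU get access automatically and accounts in other OUs never do.
      Principals:
        - !Ref OrgUnitArn

Outputs:
  TransitGatewayId:
    Value: !Ref TransitGateway

---
# --- Template 2: deployed to every member account of the OU via a StackSet ---
# (service-managed permissions, deployment target = the OU, auto-deployment on).
# Attaches the account's VPC to the shared TGW and routes the OU summary block
# to it. Assumes each account publishes its VPC, subnet and route-table IDs
# under the SSM parameter names below (hypothetical names).
AWSTemplateFormatVersion: "2010-09-09"
Description: Attach this account's VPC to the OU transit gateway (added example)

Parameters:
  TransitGatewayId:
    Type: String
    Description: tgw-... ID from Template 1, passed as a StackSet parameter
  VpcId:
    # Resolved per account from SSM, so one StackSet fits all 100+ accounts.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::VPC::Id>
    Default: /network/vpc-id
  AttachmentSubnetIds:
    Type: AWS::SSM::Parameter::Value<List<AWS::EC2::Subnet::Id>>
    Default: /network/tgw-subnet-ids
  PrivateRouteTableId:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /network/private-route-table-id
  OuSupernetCidr:
    Type: String
    # Placeholder summary block covering this OU's non-overlapping VPC CIDRs;
    # tighten it to the OU's real allocation.
    Default: 10.0.0.0/8

Resources:
  VpcAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref TransitGatewayId
      VpcId: !Ref VpcId
      SubnetIds: !Ref AttachmentSubnetIds

  RouteToTgw:
    Type: AWS::EC2::Route
    # EC2 rejects a route to a TGW until the attachment exists, hence DependsOn.
    DependsOn: VpcAttachment
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationCidrBlock: !Ref OuSupernetCidr
      TransitGatewayId: !Ref TransitGatewayId
```

The two documents are separate templates (split at the `---`); the first is a normal stack in the networking account, the second is the StackSet template. Two checks worth running after rollout: confirm that the transit gateway's default route table only carries propagated routes for VPCs in this OU (`aws ec2 search-transit-gateway-routes` against that route table), and confirm that packets from a VPC to a CIDR belonging to another OU are dropped rather than forwarded, which happens because that CIDR is attached to a different transit gateway and no route for it exists in this one. If the summary block in Template 2 is wider than the OU's allocation, traffic to other OUs' prefixes still reaches the transit gateway and is dropped there, so isolation holds, but narrowing the block avoids relying on that.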