Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 6 discussion

A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's customers also have their environments in the AWS Cloud.
A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet.
Which combination of steps is part of a solution that meets these requirements? (Choose two.)

  • A. Deploy the SaaS service endpoint behind a Network Load Balancer.
  • B. Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.
  • C. Deploy the SaaS service endpoint behind an Application Load Balancer.
  • D. Configure a VPC peering connection to the customer VPCs. Route traffic through NAT gateways.
  • E. Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.
Suggested Answer: AB

Comments

emmanuelodenyire
Highly Voted 1 year, 2 months ago
Selected Answer: AB
The correct answer is A and B. Option A, deploying the SaaS service endpoint behind a Network Load Balancer (NLB), allows the provider to present a single IP address to customers, while maintaining a highly available and scalable architecture. This is achieved by mapping the NLB's IP address to the SaaS service endpoint. Option B, configuring an endpoint service, enables customers to connect to the SaaS service endpoint using their own private IP addresses. This allows customers to avoid IP address overlap with the provider's AWS deployment and provides a secure, private connection to the SaaS service without traversing the internet.
upvoted 11 times
...
bogehad181
Highly Voted 1 year, 2 months ago
Selected Answer: AB
A&B: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
upvoted 7 times
...
Raphaello
Most Recent 3 months, 1 week ago
Selected Answer: AB
AB are the correct answers. Ideal use case for VPC service endpoint (PrivateLink)
upvoted 1 times
...
tromyunpak
3 months, 3 weeks ago
A and B; that is the configuration to set up a private link.
upvoted 1 times
...
patanjali
4 months ago
Answers are A and B. D can't be the answer as per https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations: "You cannot create a VPC peering connection between VPCs that have matching or overlapping IPv4 or IPv6 CIDR blocks."
upvoted 2 times
...
Marfee400704
4 months, 4 weeks ago
I think that the correct answer is AB according to SPOTO products.
upvoted 1 times
...
Marfee400704
5 months ago
I think that the correct answer is AB according to SPOTO products.
upvoted 1 times
...
marfee
5 months ago
I think that the correct answer is A & B.
upvoted 1 times
...
Hisayuki
5 months, 3 weeks ago
Selected Answer: AB
With a PrivateLink, you can expose your own services to another VPC. But you cannot choose the ALB as an endpoint for PrivateLink. Instead, use the NLB for the PrivateLink.
upvoted 3 times
...
FayeG
8 months, 2 weeks ago
Selected Answer: AB
The correct answer is A and B
upvoted 1 times
...
MEDES
9 months, 3 weeks ago
The correct answer is A and B. Option A, deploying the SaaS service endpoint behind a Network Load Balancer (NLB), allows the provider to present a single IP address to customers, while maintaining a highly available and scalable architecture. This is achieved by mapping the NLB's IP address to the SaaS service endpoint. Option B, configuring an endpoint service, enables customers to connect to the SaaS service endpoint using their own private IP addresses. This allows customers to avoid IP address overlap with the provider's AWS deployment and provides a secure, private connection to the SaaS service without traversing the internet.
upvoted 1 times
...
dvaidya
10 months ago
Selected Answer: AB
This is a standard use case of PrivateLink.
upvoted 1 times
...
PhilMultiCloud
11 months, 2 weeks ago
The correct choices are: A. Deploy the SaaS service endpoint behind a Network Load Balancer. B. Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service. The problem here is that there is an IP address overlap between the SaaS provider's deployment and the customers' environments. Given this, we need a solution that allows private connectivity without the need for specific IP addresses. Deploying the SaaS service behind a Network Load Balancer (NLB) will allow the service to scale and handle traffic in a reliable way. Also, NLB supports IP targets, which would allow the SaaS service to connect directly to the EC2 instances. AWS PrivateLink, which includes endpoint services, provides private connectivity between VPCs, AWS services, and on-premises applications, without exposing the traffic to the public internet. This is precisely the functionality we need in this scenario. When we create an endpoint service, the customers can create a connection to the service, which allows them to connect to the SaaS application privately.
upvoted 1 times
...
4bed5ff
1 year ago
I chose C instead of A, because "Elastic Load Balancing now supports forwarding traffic directly from Network Load Balancer (NLB) to Application Load Balancer (ALB). With this feature, you can now use AWS PrivateLink and expose static IP addresses for applications built on ALB." https://aws.amazon.com/about-aws/whats-new/2021/09/application-load-balancer-aws-privatelink-static-ip-addresses-network-load-balancer/
upvoted 1 times
...
slackbot
1 year, 3 months ago
Selected Answer: AB
A&B are correct ones
upvoted 3 times
...
gpt_test
1 year, 3 months ago
Selected Answer: AB
Deploying the SaaS service endpoint behind a Network Load Balancer (NLB) allows for better scalability and performance, while also supporting connections from AWS PrivateLink, which can provide secure access to the SaaS service without crossing the public internet. Configuring an endpoint service and granting the customers permission to create a connection to the endpoint service allows the customers to access the SaaS service securely and privately through AWS PrivateLink. This ensures that the traffic does not traverse the public internet and does not require sharing internal IP addresses, while also handling IP address overlaps.
upvoted 4 times
...
that1guy
1 year, 3 months ago
Selected Answer: AB
From: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
> "As the service provider, you create a Network Load Balancer in your VPC as the service front end. You then select this load balancer when you create the VPC endpoint service configuration. You grant permission to specific AWS principals so that they can connect to your service. As a service consumer, the customer creates an interface VPC endpoint, which establishes connections between the subnets that they select from their VPC and your endpoint service."
ALB (C) isn't an option offered by AWS because PrivateLink requires NLB. VPC peering (D) and Transit Gateway (E) require knowing the customers' IP addresses that the customer is not willing to share.
upvoted 4 times
...
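An added example, not part of the thread or of AWS's own code: a provider-side audit of the two chosen steps, checking that each endpoint service sits behind a Network Load Balancer and that connection permission is granted only to specific customer principals. The sample data is constructed, all IDs and ARNs are placeholders, and merging the permissions into each service record under "AllowedPrincipals" is an assumption of this example.

```python
import json

# Constructed sample: fields follow `aws ec2 describe-vpc-endpoint-service-configurations`,
# with each service's `describe-vpc-endpoint-service-permissions` result merged in under
# "AllowedPrincipals" (the merge is an assumption of this example).
SAMPLE = json.loads("""[
 {"ServiceId": "vpce-svc-EXAMPLE1", "AcceptanceRequired": true,
  "NetworkLoadBalancerArns": ["arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/net/saas/EXAMPLE"],
  "AllowedPrincipals": [{"Principal": "arn:aws:iam::222222222222:root"}]},
 {"ServiceId": "vpce-svc-EXAMPLE2", "AcceptanceRequired": false,
  "NetworkLoadBalancerArns": ["arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/net/saas2/EXAMPLE"],
  "AllowedPrincipals": [{"Principal": "*"}]},
 {"ServiceId": "vpce-svc-EXAMPLE3", "AcceptanceRequired": true,
  "NetworkLoadBalancerArns": [],
  "AllowedPrincipals": [{"Principal": "arn:aws:iam::999999999999:role/unknown"}]}
]""")

def account_of(principal_arn):
    """Account ID is the fifth colon-separated field of an IAM ARN."""
    parts = principal_arn.split(":")
    return parts[4] if len(parts) > 4 else ""

def audit_service(svc, customer_accounts):
    """Return findings for one interface-type endpoint service (empty list = clean)."""
    findings = []
    # Step A of the answer: the service front end must be a Network Load Balancer.
    if not svc.get("NetworkLoadBalancerArns"):
        findings.append("no Network Load Balancer attached")
    # Without manual acceptance, any permitted principal connects unreviewed.
    if not svc.get("AcceptanceRequired", False):
        findings.append("connection requests are auto-accepted")
    # Step B of the answer: permission should go to specific customer principals.
    for entry in svc.get("AllowedPrincipals", []):
        principal = entry["Principal"]
        if principal == "*":
            findings.append("wildcard principal: any AWS account may request a connection")
        elif account_of(principal) not in customer_accounts:
            findings.append(f"principal outside customer list: {principal}")
    return findings

def audit_all(services, customer_accounts):
    return {s["ServiceId"]: audit_service(s, customer_accounts) for s in services}

if __name__ == "__main__":
    for sid, findings in audit_all(SAMPLE, {"222222222222"}).items():
        print(sid, "OK" if not findings else findings)
```
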