Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 6 discussion

The correct answer is A and B. Option A, deploying the SaaS service endpoint behind a Network Load Balancer (NLB), allows the provider to present a single IP address to customers, while maintaining a highly available and scalable architecture. This is achieved by mapping the NLB's IP address to the SaaS service endpoint. Option B, configuring an endpoint service, enables customers to connect to the SaaS service endpoint using their own private IP addresses. This allows customers to avoid IP address overlap with the provider's AWS deployment and provides a secure, private connection to the SaaS service without traversing the internet.

A&B: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html

AB are the correct answers. Ideal use case for VPC service endpoint (PrivateLink)

A and B that is the configuration to setup a private link

Answer are A and B D cant be the answer as per https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations, You cannot create a VPC peering connection between VPCs that have matching or overlapping IPv4 or IPv6 CIDR blocks.

I think that it's correct answer is AB according to SPOTO products.

I think that It's correct answer is AB according to SPOTO products.

I think that it's correcty answer is A & B.

With a PrivateLink, you can expose your own services to another VPC. But you can not choose the ALB as an endpoint for PrivateLink. Instead, Use the NLB for the PrivateLink.

The correct answer is A and B

The correct answer is A and B. Option A, deploying the SaaS service endpoint behind a Network Load Balancer (NLB), allows the provider to present a single IP address to customers, while maintaining a highly available and scalable architecture. This is achieved by mapping the NLB's IP address to the SaaS service endpoint. Option B, configuring an endpoint service, enables customers to connect to the SaaS service endpoint using their own private IP addresses. This allows customers to avoid IP address overlap with the provider's AWS deployment and provides a secure, private connection to the SaaS service without traversing the internet.

this is standard use case of privatelink

The correct choices are: A. Deploy the SaaS service endpoint behind a Network Load Balancer. B. Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service. The problem here is that there is an IP address overlap between the SaaS provider's deployment and the customers' environments. Given this, we need a solution that allows private connectivity without the need for specific IP addresses. Deploying the SaaS service behind a Network Load Balancer (NLB) will allow the service to scale and handle traffic in a reliable way. Also, NLB supports IP targets, which would allow the SaaS service to connect directly to the EC2 instances. AWS PrivateLink, which includes endpoint services, provides private connectivity between VPCs, AWS services, and on-premises applications, without exposing the traffic to the public internet. This is precisely the functionality we need in this scenario. When we create an endpoint service, the customers can create a connection to the service, which allows them to connect to the SaaS application privately.

The trick here is C, D, and E require sharing internal IP. https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/

I chose C instead of A, because "Elastic Load Balancing now supports forwarding traffic directly from Network Load Balancer (NLB) to Application Load Balancer (ALB). With this feature, you can now use AWS PrivateLink and expose static IP addresses for applications built on ALB." https://aws.amazon.com/about-aws/whats-new/2021/09/application-load-balancer-aws-privatelink-static-ip-addresses-network-load-balancer/

A&B are correct ones

Deploying the SaaS service endpoint behind a Network Load Balancer (NLB) allows for better scalability and performance, while also supporting connections from AWS PrivateLink, which can provide secure access to the SaaS service without crossing the public internet. Configuring an endpoint service and granting the customers permission to create a connection to the endpoint service allows the customers to access the SaaS service securely and privately through AWS PrivateLink. This ensures that the traffic does not traverse the public internet and does not require sharing internal IP addresses, while also handling IP address overlaps.