Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 810 discussion

Pour yourself a cold beer, when you get to this question, its been a very long run

PrivateLink: AWS PrivateLink enables secure and private access to resources (like RDS) across accounts and VPCs using interface endpoints. It avoids exposing the database to the internet. NLB: A Network Load Balancer acts as the integration point for PrivateLink. The vendor's NLB will route traffic to the RDS database. VPC Without Internet Gateway: PrivateLink works even if the company's VPC does not have an internet gateway because communication occurs over private AWS infrastructure. Option A, B, and D all mention VPC Peering, but it doesn't enable direct access to RDS without additional routing or security configurations.

AnswerC AWS PrivateLink enables you to connect to some AWS services, services hosted by other AWS accounts (referred to as endpoint services), and supported AWS Marketplace partner services, via private IP addresses in your VPC. The interface endpoints are created directly inside of your VPC, using elastic network interfaces and IP addresses in your VPC’s subnets. That means that VPC Security Groups can be used to manage access to the endpoints. https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-privatelink.html

https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/

I think i go for C, because if you exclude Dirct connect, VPN and GW so only C is available. but create an NLB zo do not want provision a transit GW sounds weird to me

Private link: Does not require VPC linking: NO Internet Gateway, NO NAT GAteway, No Route table Needs NLB on Service VPC, and ENI on the Customer VPC

D You can peer both intra-Region and inter-Region transit gateways, and route traffic between them, which includes IPv4 and IPv6 traffic. To do this, create a peering attachment on your transit gateway, and specify a transit gateway. The peer transit gateway can be in your account or a different AWS account. After you create a peering attachment request, the owner of the peer transit gateway (also referred to as the accepter transit gateway) must accept the request. To route traffic between the transit gateways, add a static route to the transit gateway route table that points to the transit gateway peering attachment. https://docs.aws.amazon.com/vpc/latest/tgw/tgw-peering.html

D does not involve internet. But TGW is unnecessary. A is more simple and clear.

AWS PrivateLink: AWS PrivateLink enables you to privately access services hosted on AWS in a highly available and scalable manner. With PrivateLink, you can access the vendor's RDS for MySQL instance securely without exposing it to the public internet. The vendor can create a VPC endpoint for RDS within their own VPC, which acts as an entry point for accessing the RDS instance. This endpoint can then be shared with the company. The company can create a VPC endpoint service in their VPC and accept the endpoint connection request from the vendor. This allows the company's resources to communicate with the RDS instance securely through PrivateLink.

C is correct: https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-securely-publish-internet-applications-at-scale-using-application-load-balancer-and-aws-privatelink/

Plz commit the previous comment, A involve- Direct connect B involve - peering required same region D involve - uses internet gateway

No internet gateway XD No Direct connect XC No Peering XB

Shouldn't it be D?