Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 54 discussion

A company has deployed an API in a VPC behind an internet-facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a second account in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected. A solutions architect has configured the ALB to be internal.
Which combination of architectural changes will reduce the NAT gateway costs? (Choose two.)

  • A. Configure a VPC peering connection between the two VPCs. Access the API using the private address.
  • B. Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address.
  • C. Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address.
  • D. Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address.
  • E. Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address.
Suggested Answer: AD

Comments

BoniToe
Highly Voted 3 years, 7 months ago
A & D is correct. With RAM you cannot share the API Gateway, have a look here: https://docs.aws.amazon.com/ram/latest/userguide/shareable.html With PrivateLink you can add the LB, that's the reason why LB is in the description and the API GW after the LB, another account and can then be used from the application.
upvoted 83 times
Dond
3 years, 7 months ago
Agreed A & D
upvoted 10 times
...
Kuruvi
3 years, 6 months ago
PrivateLink won't work with ALB.
upvoted 6 times
...
noahsark
3 years, 5 months ago
D is wrong. PrivateLink requires NLB, not ALB. https://stackoverflow.com/questions/61980351/is-it-possible-to-connect-to-internet-facing-alb-via-endpointsprivatelink
upvoted 7 times
Pravin3c
3 years, 5 months ago
ALB + PrivateLink https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-securely-publish-internet-applications-at-scale-using-application-load-balancer-and-aws-privatelink/ In this post we explore how you can combine PrivateLink with Application Load Balancer to publish web applications to the Internet without the need for proxies hosted on EC2 or VPC peering.
upvoted 3 times
noahsark
3 years, 5 months ago
In your answer, Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address. -> Should you access the API using the PrivateLink address? using ALB address? or using the NLB address?
upvoted 1 times
...
...
...
Pravin3c
3 years, 5 months ago
APIs are not shareable by RAM https://docs.aws.amazon.com/ram/latest/userguide/shareable.html
upvoted 3 times
muhsin
3 years, 4 months ago
No need to share the API. We need to share the VPCs between AWS accounts.
upvoted 1 times
...
...
...
NaveedNZ
Highly Voted 3 years, 7 months ago
A & E to me..
upvoted 47 times
noahsark
3 years, 5 months ago
Most discussion points to A, D, or E. The good thing is maybe we can eliminate D as PrivateLink requires NLB, not ALB. https://stackoverflow.com/questions/61980351/is-it-possible-to-connect-to-internet-facing-alb-via-endpointsprivatelink So, agree with A and E.
upvoted 7 times
...
...
spring21
Most Recent 5 months ago
AWS PrivateLink works with Network Load Balancers (NLBs) and Application Load Balancers (ALBs)
upvoted 1 times
...
StacyY
1 year, 9 months ago
A & D, Route to IP Addresses In order to address these use cases, Application Load Balancers can now route traffic directly to IP addresses. These addresses can be in the same VPC as the ALB, a peer VPC in the same region, on an EC2 instance connected to a VPC by way of ClassicLink, or on on-premises resources at the other end of a VPN connection or AWS Direct Connect connection.
upvoted 1 times
...
deechean
1 year, 10 months ago
Selected Answer: DE
The hardest limitation is that the peered networks must not have any IP address space overlap. In the case, we don't know if we can use VPC peering or not. But PrivateLink should work.
upvoted 2 times
...
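The CIDR constraint raised in the comment above, as an added example that is not part of the original thread: it checks whether two VPCs have overlapping address space, which rules out VPC peering but not PrivateLink. The CIDR values are constructed, and the function names `overlapping_cidrs` and `private_connectivity_options` are hypothetical.

```python
import ipaddress


def overlapping_cidrs(vpc_a_cidrs, vpc_b_cidrs):
    """Return every (a, b) pair of CIDR blocks that overlap between two VPCs.

    Each VPC may carry several blocks (primary plus secondary), so every
    combination is compared. IPv4 and IPv6 blocks are never compared
    with each other.
    """
    nets_a = [ipaddress.ip_network(c) for c in vpc_a_cidrs]
    nets_b = [ipaddress.ip_network(c) for c in vpc_b_cidrs]
    return [
        (str(a), str(b))
        for a in nets_a
        for b in nets_b
        if a.version == b.version and a.overlaps(b)
    ]


def private_connectivity_options(vpc_a_cidrs, vpc_b_cidrs):
    """List the private paths that remain possible between the two VPCs.

    Peering needs non-overlapping address space on both sides. An interface
    endpoint (PrivateLink) gets its address from the consumer's own subnet,
    so overlap with the provider VPC does not matter.
    """
    options = []
    if not overlapping_cidrs(vpc_a_cidrs, vpc_b_cidrs):
        options.append("vpc-peering")
    options.append("privatelink")
    return options


if __name__ == "__main__":
    # Constructed sample values, not taken from the question.
    api_vpc = ["10.0.0.0/16"]
    client_vpc = ["10.0.128.0/20", "172.31.0.0/16"]
    print(overlapping_cidrs(api_vpc, client_vpc))
    print(private_connectivity_options(api_vpc, client_vpc))
    print(private_connectivity_options(api_vpc, ["10.1.0.0/16"]))
```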
suppudad
2 years ago
Selected Answer: AD
AD is correct
upvoted 1 times
...
saints145
2 years, 4 months ago
DE because they are transitive.
upvoted 1 times
...
MassieMan
2 years, 4 months ago
Selected Answer: AD
When you establish peering relationships between VPCs across different AWS Regions, resources in the VPCs (for example, EC2 instances and Lambda functions) in different AWS Regions can communicate with each other using private IP addresses, without using a gateway, VPN connection, or network appliance. The traffic remains in the private IP space. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
upvoted 1 times
...
ogerber
2 years, 6 months ago
Selected Answer: AD
E is a distractor! You can't share resources when 2 accounts are not consolidated to the same organization. Hence A+D.
upvoted 1 times
...
rac_sp
2 years, 7 months ago
Selected Answer: AE
I'm with the people on this question
upvoted 1 times
rac_sp
2 years, 7 months ago
Sorry, A & D
upvoted 1 times
...
...
naveenagurjara
2 years, 9 months ago
Selected Answer: AD
Which architectural improvements will result in the lowest NAT gateway costs? (Select two.) It is NOT asking for a combination. Just the possible options .. OR logic ... not AND logic.
upvoted 3 times
...
kristinita
3 years ago
A & E For A: A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. There is no charge to create a VPC peering connection. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html For E: AWS Resource Access Manager allows you to easily and securely share AWS resources with any AWS account or if you are part of AWS organizations, with organizational units (OUs), or your entire organization. There is no additional charge for using AWS RAM. Services with resources you can share using AWS RAM: Amazon VPC, S3, 53, Aurora, etc. For this case, share with the VPCs https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
upvoted 4 times
...
FF11
3 years, 3 months ago
Selected Answer: AD
My answer A&D
upvoted 2 times
...
tin2022
3 years, 3 months ago
AE AWS Private link is used to expose an application service to 1000's of VPC. You need NLB on the application service and an ENI on the customer VPC side. (based on Stephane Maarek Lectures)
upvoted 1 times
...
25dec_
3 years, 3 months ago
Selected Answer: AD
A, D for sure
upvoted 2 times
...
FF11
3 years, 4 months ago
A & D are correct
upvoted 1 times
...
muhsin
3 years, 4 months ago
A and D. No need to have RAM because VPC peering and PrivateLink provide multi-account connections.
upvoted 2 times
...