Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 17 discussion

A. Provision a Direct Connect gateway. Delete the existing private virtual interface from the existing connection. Create the second Direct Connect connection. Create a new private virtual interface on each connection, and connect both private virtual interfaces to the Direct Connect gateway. Connect the Direct Connect gateway to the single VPC. This solution provides a redundant Direct Connect connection in the same Region by creating a new private virtual interface on each connection, and connecting both private virtual interfaces to a Direct Connect gateway. The Direct Connect gateway is then connected to the single VPC. This solution also allows the company to expand into other Regions while providing connectivity through the same pair of Direct Connect connections. The Direct Connect Gateway allows you to connect multiple VPCs and on-premises networks in different accounts and different regions to a single Direct Connect connection. It also provides automatic failover and routing capabilities.

What I don't understand is why do you need to delete the existing private VIF? Can't that be reassigned?

'must provide connectivity to other Regions through the same pair of Direct Connect connections'= Direct Connect gateway

Option A - This option might work however it is missing a step: Connecting the Direct Connect Gateway to a Virtual Private Gateway in the single VPC (and any VPC in a new region) Option B - This option will not work: It does not allow to grow into new regions and it does not create a redundant link Option C - This option will not work: Using a Public Virtual interface does not connect VPC resources to on-premise Option D - This option might work however it missing multiple steps: Each VPC will require its own Transit Gateway. Each Transit Gateway will connect through an association with Direct Connect gateway. Each Direct Connect connection will connect to the Direct Connect Gateway using a Transit VIF

I have to admit that initially I picked a wrong answer, here is my findings after some docs browsing: Not B as this will provide Direct Connect (DX) redundancy but does not provide connectivity to other Regions Not C as this will not even provide DX redundancy for the VPC because the public VIF on the new connection does not provide access to the VPC Not D as Transit Gateway (TGW) is a regional resources and does not allows to provide connectivity to other Regions (you can peer with a TGW in another Region). Also you need to have a Transit virtual interface to connect a DX to a TGW or you need to have DXGW to connect a VIF to a TGW. A is correct as a DXGW is a global resources that allows cross-region attachments

A. Provision a Direct Connect gateway. Delete the existing private virtual interface from the existing connection. Create the second Direct Connect connection. Create a new private virtual interface on each connection, and connect both private virtual interfaces to the Direct Connect gateway. Connect the Direct Connect gateway to the single VPC.

Private Virtual Interface is a logical connection between your Direct Connect connection and a Direct Connect gateway. It is a virtual representation of the physical connection and allows you to establish connectivity to the VPCs associated with the Direct Connect gateway.

A Because “Transit GW can also communicate from on-premises to AWS, but this one uses Site to Site VPN (IPSec VPN).“

Answer A. DCGW is the only option here as it supports both DC connections plus allows expansion into other regions. TGW does not span regions.

multiple regions - dx gateway

None of the options seem to satisfy the condition "Solution must provide connectivity to other regions through same pair of Direct Connect Connections. In both option A and D, we don't talk of associating second region VPC to the Transit GW or Direct Connect GW.

https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/

It's A. D is not suported

A keyword === Direct Connect gateway

A. Is the Correct Option as Direct Connect Gateway with Private Virtual Interface will meet the requirement

Provision a Direct Connect gateway.

Logical answer : B and C are good for existing architecture in question. But with redundant DX connection requirement, only solution is Gateway. that resolves to A(Direct connect gateway) or D(Transit gateway), but D as transit gateway is wrong because it mentions private interfaces connecting with transit gateway which is weird [usually VPC attachments are made connecting transit gateway]. So answer is A - Direct Connect Gateway. (Infact, this is future proof when we want different VPCs in different regions later with this architecture)