Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 237 discussion

A VPC peering connection allows secure communication between instances in different VPCs using private IP addresses without the need for internet gateways, VPN connections, or NAT devices. By setting it up, the application running in VPC-A can directly access the EC2 in VPC-B without going through the public internet or any single point of failure. B is incorrect because VPC gateway endpoints are used for accessing S3 or DynamoDB from a VPC without going over the internet. They are not designed for establishing connectivity between EC2 instances in different VPCs. C is incorrect because it would require configuring a VPN connection between the VPCs. This would introduce additional complexity and potential single points of failure. D is incorrect because creating a private VIF and adding routes would be applicable for establishing a direct connection between on-premises infrastructure and VPC-B using Direct Connect, but it is not suitable for the scenario of communication between EC2 instances in separate VPCs within different AWS accounts.

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

VPC peering is the most suitable here.

You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. Peering within the same AZ is free of charge.

I get a little confused about B and A but, because, with a VPC endpoint in B it will work too access from A.

B is wrong because "VPC gateway endpoint" is for S3 or DynamoDB, not EC2 C is overkill, would require a second gateway in VPC-A, not be HA and have limited bandwidth D is wrong because VIF is for Direct Connect, has nothing to do with VPC-to-VPC communication

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

A. Set up a VPC peering connection between VPC-A and VPC-B

https://www.bing.com/search?pglt=41&q=can+we+do+VPC+peering+across+AWS+accounts&cvid=48a8ceecc85a429c9ddd698b01055890&aqs=edge..69i57j0l8j69i11004.10897j0j1&FORM=ANNAB1&PC=LCTS

D, VPC PEERINGVIS IN SAME ACCOUNT

DDDDDDDDDDDDDD

"You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account." https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

correct answer is A and as mentioned by JayBee65 below, key reason being that solution should not have a single point of failure and bandwidth restrictions the following paragraph is taken from the AWS docs page linked below that backs this up "AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck." https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

A VPC endpoint gateway to the EC2 Instance is more specific and more secure than forming a VPC peering that exposes the whole of the VPC infrastructure just for one connection.

Correct answer is A

VPC peering allows resources in different VPCs to communicate with each other as if they were within the same network. This solution would establish a direct network route between VPC-A and VPC-B, eliminating the need for a single point of failure or bandwidth concerns.

https://www.examtopics.com/discussions/amazon/view/27763-exam-aws-certified-solutions-architect-associate-saa-c02/