Q3 — AWS ANS-C01 Ch.1
Question 3 of 100
A company is migrating its containerized application to AWS. For the architecture, the company will have an ingress VPC with a Network Load Balancer (NLB) to distribute the traffic to front-end pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The front end of the application will determine which user is requesting access and will send traffic to 1 of 10 services VPCs. Each services VPC will include an NLB that distributes traffic to the services pods in an EKS cluster. The company is concerned about overall cost. User traffic will be responsible for more than 10 TB of data transfer from the ingress VPC to the services VPCs every month. A network engineer needs to recommend how to design the communication between the VPCs. Which solution will meet these requirements at the LOWEST cost?
- A. Create a transit gateway. Peer each VPC to the transit gateway. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs.
- B. Create an AWS PrivateLink endpoint in every Availability Zone in the ingress VPC. Each PrivateLink endpoint will point to the zonal DNS entry of the NLB in the services VPCs.
- C. Create a VPC peering connection between the ingress VPC and each of the 10 services VPCs. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs. ✓
- D. Create a transit gateway. Peer each VPC to the transit gateway. Turn off cross-AZ load balancing on the transit gateway. Use Regional DNS names for the NLB in the services VPCs.
Correct Answer: C. Create a VPC peering connection between the ingress VPC and each of the 10 services VPCs. Use zonal DNS names for the NLB in the services VPCs to minimize cross-AZ traffic from the ingress VPC to the services VPCs.
Explanation
Data transfer over an AWS VPC peering connection within the same Region incurs no charge, whereas both Transit Gateway and PrivateLink involve per-GB data transfer costs. VPC peering establishes a direct private connection between the ingress VPC and each services VPC with no intermediate gateway, and combining it with the NLB's zonal (Availability Zone) DNS names avoids cross-AZ traffic charges. Option C eliminates both the intermediate-service cost and the cross-AZ traffic, so it is the lowest-cost choice for a large-scale data transfer scenario of more than 10 TB. The Transit Gateway in options A and D incurs data transfer fees, and the PrivateLink endpoints in option B are billed hourly and also charge for data processed. AWS documentation states that VPC peering is suited to scenarios that require simple, low-cost, same-Region VPC communication.