Q9 — AWS ANS-C01 Ch.1
A company has two AWS accounts, one for Production and one for Connectivity. A network engineer needs to connect the Production account VPC to a transit gateway in the Connectivity account. The feature to auto accept shared attachments is not enabled on the transit gateway. Which set of steps should the network engineer follow in each AWS account to meet these requirements?
- A. 1. In the Production account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Connectivity Account ID. Enable the feature to allow external accounts. 2. In the Connectivity account: Accept the resource. 3. In the Connectivity account: Create an attachment to the VPC subnets. 4. In the Production account: Accept the attachment. Associate a route table with the attachment.
- B. 1. In the Production account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Connectivity Account ID. Enable the feature to allow external accounts. 2. In the Connectivity account: Accept the resource. 3. In the Production account: Create an attachment on the transit gateway to the VPC subnets. 4. In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
- C. 1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the VPC subnets. Provide the Production Account ID. Enable the feature to allow external accounts. 2. In the Production account: Accept the resource. 3. In the Connectivity account: Create an attachment on the transit gateway to the VPC subnets. 4. In the Production account: Accept the attachment. Associate a route table with the attachment.
- D. 1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Production Account ID. Enable the feature to allow external accounts. 2. In the Production account: Accept the resource. 3. In the Production account: Create an attachment to the VPC subnets. 4. In the Connectivity account: Accept the attachment. Associate a route table with the attachment. ✓
Correct Answer: D. 1. In the Connectivity account: Create a resource share in AWS Resource Access Manager for the transit gateway. Provide the Production Account ID. Enable the feature to allow external accounts. 2. In the Production account: Accept the resource. 3. In the Production account: Create an attachment to the VPC subnets. 4. In the Connectivity account: Accept the attachment. Associate a route table with the attachment.
Explanation
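This question concerns cross-account sharing of an AWS Transit Gateway. According to the AWS documentation, sharing a transit gateway across accounts requires AWS Resource Access Manager (RAM). The resource owner (the Connectivity account) creates a RAM resource share that shares the transit gateway with the target account (the Production account). After the recipient accepts the share, it can create a VPC attachment from its own account to the shared transit gateway. Because auto accept is not enabled, the account that owns the transit gateway must manually approve the attachment and associate a route table with it. Option D follows this logic: the Connectivity account shares the transit gateway, the Production account creates the VPC attachment, and the Connectivity account then approves it and configures routing. The AWS Transit Gateway User Guide describes the specific steps for cross-account sharing. The other options either share the resource in the wrong direction or reverse the order of the steps.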