Q29 — AWS DOP-C02 Ch.3
A company has 20 service teams. Each service team owns its own microservice and uses a separate AWS account with a VPC using the 192.168.0.0/22 CIDR block. The company manages AWS accounts using AWS Organizations. Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer. Microservices communicate over the public internet. The company's security team issued a new policy requiring all inter-microservice communication to occur over private network connections using HTTPS, without traversing the public internet.
- A. Create a new AWS account in AWS Organizations. In this account, create a VPC and share its private subnets with the organization using AWS Resource Access Manager. Instruct service teams to launch new Network Load Balancers (NLBs) and EC2 instances using the shared private subnets. Use NLB DNS names for inter-microservice communication.
- B. Create a Network Load Balancer (NLB) in each microservice VPC. Use AWS PrivateLink to create VPC endpoints for each NLB in each AWS account. Create subscriptions to each VPC endpoint in every other AWS account. Use VPC endpoint DNS names for inter-microservice communication.
- C. Create a Network Load Balancer (NLB) in each microservice VPC. Create VPC peering connections between each microservice VPC. Update routing tables in each VPC to use the peering connections. Use NLB DNS names for inter-microservice communication.
- D. Create a new AWS account in AWS Organizations. In this account, create a Transit Gateway and share it with the organization using AWS Resource Access Manager. In each microservice VPC, create a Transit Gateway attachment to the shared Transit Gateway. Update routing tables in each VPC to route through the Transit Gateway. In each microservice VPC, create a Network Load Balancer (NLB). Use NLB DNS names for inter-microservice communication. ✓
Correct Answer: D. Create a new AWS account in AWS Organizations. In this account, create a Transit Gateway and share it with the organization using AWS Resource Access Manager. In each microservice VPC, create a Transit Gateway attachment to the shared Transit Gateway. Update routing tables in each VPC to route through the Transit Gateway. In each microservice VPC, create a Network Load Balancer (NLB). Use NLB DNS names for inter-microservice communication.
Explanation
Option D is the correct solution that satisfies the requirements.