Q29 — AWS DOP-C02 Ch.3

Question 29 of 100

A company has 20 service teams. Each service team owns its own microservice and uses a separate AWS account with a VPC using the 192.168.0.0/22 CIDR block. The company manages AWS accounts using AWS Organizations. Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer. Microservices communicate over the public internet. The company's security team issued a new policy requiring all inter-microservice communication to occur over private network connections using HTTPS, without traversing the public internet.

Correct Answer: D. Create a new AWS account in AWS Organizations. In this account, create a Transit Gateway and share it with the organization using AWS Resource Access Manager. In each microservice VPC, create a Transit Gateway attachment to the shared Transit Gateway. Update routing tables in each VPC to route through the Transit Gateway. In each microservice VPC, create a Network Load Balancer (NLB). Use NLB DNS names for inter-microservice communication.

Explanation

Option D is the answer key's choice, and in the general case it covers both stated requirements. A Transit Gateway in a dedicated networking account, shared with the organization through AWS Resource Access Manager, gives every microservice VPC a hub to attach to, so traffic between VPCs stays on the AWS backbone and never touches the public internet. A Network Load Balancer in each VPC, with a TCP listener on port 443 (or a TLS listener carrying an ACM certificate), passes HTTPS through to the instances, and each NLB's DNS name resolves to private addresses that are reachable across the Transit Gateway once the VPC route tables point the other teams' CIDRs at the attachment.

There is one caveat to check before building this. The stem gives all 20 VPCs the identical CIDR block, 192.168.0.0/22. Every VPC route table carries a non-overridable local route for its own CIDR, so a packet addressed to another team's instance in 192.168.0.0/22 can never be sent to the Transit Gateway attachment; and a Transit Gateway route table, like a VPC peering connection, holds one route per destination prefix, so it could deliver that prefix to at most one attachment anyway. With identical CIDRs the design in D cannot be built unless the VPCs are first re-addressed under a non-overlapping plan. The AWS construct that does work across overlapping CIDRs is AWS PrivateLink: keep the NLB in each provider VPC, expose it as a VPC endpoint service that allows the organization's principals, and have each consumer VPC create an interface VPC endpoint and call the service over HTTPS by the endpoint's DNS name. Traffic then stays private and no route between the two VPC CIDRs is needed. Confirm whether the address plan overlaps before choosing between the two designs.
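The decision above turns on one check: do any two VPC CIDRs overlap? The following script, an added example rather than code from the exam page or from AWS, runs that check over a constructed VPC inventory (fake account IDs and VPC IDs; a real run would fill the list from ec2:DescribeVpcs in each account) and reports whether Transit Gateway routing is possible or PrivateLink is required. It uses only the standard library, so it runs offline.

```python
"""Decide between Transit Gateway and PrivateLink from the VPC address plan.

Added example, not part of the original page. The inventories below are
constructed sample data; in practice you would populate them from
ec2:DescribeVpcs in every account (not done here so the script runs offline).
"""
import ipaddress
from itertools import combinations

# Constructed inventory: every team's VPC uses the stem's 192.168.0.0/22.
SAME_CIDR_VPCS = [
    {"account": f"1111111111{n:02d}", "vpc_id": f"vpc-svc{n:02d}", "cidr": "192.168.0.0/22"}
    for n in range(20)
]

# Constructed alternative: each team gets its own /22 from a planned 10.0.0.0/8.
DISJOINT_VPCS = [
    {"account": f"1111111111{n:02d}", "vpc_id": f"vpc-svc{n:02d}", "cidr": f"10.{n}.0.0/22"}
    for n in range(20)
]

# Constructed mixed case: one /24 carved out of a range another VPC already uses.
MIXED_VPCS = [
    {"account": "222222222201", "vpc_id": "vpc-a", "cidr": "10.0.0.0/22"},
    {"account": "222222222202", "vpc_id": "vpc-b", "cidr": "10.0.4.0/22"},
    {"account": "222222222203", "vpc_id": "vpc-c", "cidr": "10.0.0.0/24"},
]


def overlapping_pairs(vpcs):
    """Return (vpc_id, vpc_id) pairs whose CIDR blocks overlap.

    A Transit Gateway route table (and a VPC peering connection) can hold only
    one route per destination prefix, and each VPC's local route for its own
    CIDR cannot be overridden, so any overlap means one side is unreachable.
    """
    nets = [(v["vpc_id"], ipaddress.ip_network(v["cidr"])) for v in vpcs]
    return [
        (a_id, b_id)
        for (a_id, a_net), (b_id, b_net) in combinations(nets, 2)
        if a_net.overlaps(b_net)
    ]


def recommend(vpcs):
    """Pick the private-connectivity construct the address plan allows."""
    return "privatelink" if overlapping_pairs(vpcs) else "transit-gateway"


if __name__ == "__main__":
    for name, inventory in (
        ("same-cidr", SAME_CIDR_VPCS),
        ("disjoint", DISJOINT_VPCS),
        ("mixed", MIXED_VPCS),
    ):
        pairs = overlapping_pairs(inventory)
        print(f"{name}: {len(pairs)} overlapping pair(s) -> {recommend(inventory)}")
```

For the stem's inventory all 190 pairs overlap, so only PrivateLink applies; with the disjoint plan no pair overlaps and the Transit Gateway design in D can be routed. The mixed case shows why the check must be pairwise rather than a set of distinct strings: 10.0.0.0/24 is a different CIDR from 10.0.0.0/22 but still sits inside it.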