AWS Transit VPC

Transit Gateway can be substituted for Transit VPC. AWS Transit Gateway offers the same benefits as a transit VPC but is a managed service that scales as a highly available product.
Transit VPC connects multiple geographically dispersed VPCs and remote networks to create a global network transit centre.
Transit VPC addresses some of the problems with VPC peering by introducing an inter-VPC hub-and-spoke design.
A transit VPC simplifies network management by reducing the number of connections needed to connect multiple VPCs or remote networks.
Transit VPC provides an easy way to implement shared services or packet inspection/replication in a VPC.
Transit VPC can be used to support important use cases:
Private networking – create a private network that spans multiple AWS Regions.
Shared connectivity – multiple VPCs can share connections with data centers, partner networks and other clouds.
Cross-account AWS use – VPCs and AWS resources can reside in multiple AWS accounts.
Transit VPC design allows for more complex routing rules, such as network address translation among overlapping network ranges, or adding network-level packet filtering and inspection.
A Transit VPC network consists of a central VPC (the hub VPC) connected to all other VPCs (spoke VPCs) via VPN connections, typically using BGP over IPsec.
The central VPC is made up of EC2 instances that run software appliances that route incoming traffic using the VPN overlay.
Supports transitive routing via the overlay VPN network, allowing a hub-and-spoke layout. This can be used to provide shared services such as VPC endpoints and a Direct Connect connection.
Supports network address translation between overlapping networks.
Supports vendor functionality for advanced security (layer 7 firewall, Intrusion Prevention System (IPS), Intrusion Detection System (IDS)) using third-party software.
Instance-based routing increases costs, lowers availability and limits bandwidth.
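The hub-and-spoke overlay and the overlapping-network case described above can be checked before any appliance is configured. The following is an added example, not code from the original page or from AWS: it counts the links a hub-and-spoke design needs against full-mesh peering, builds the hub's overlay route table with longest-prefix-first ordering, and flags spoke CIDRs that overlap and therefore need NAT on the transit appliance. The spoke names, CIDRs and tunnel identifiers are constructed sample data.

```python
"""Model a transit VPC hub-and-spoke overlay (added example, constructed data).

- connection_counts: links needed for full-mesh peering vs. hub-and-spoke
- overlapping_pairs: spoke CIDRs that overlap and need NAT on the hub appliance
- hub_route_table / next_hop: the hub's overlay routes and longest-prefix lookup
"""
import ipaddress
from itertools import combinations

# Constructed sample spokes: name -> CIDR. "partner-eu" deliberately overlaps
# "prod-us-east" to show the case that requires NAT on the transit appliance.
SPOKES = {
    "prod-us-east": "10.1.0.0/16",
    "dev-us-east": "10.2.0.0/16",
    "partner-eu": "10.1.128.0/17",
    "onprem-dc": "192.168.0.0/16",
}


def connection_counts(n):
    """Links needed to connect n networks: every pair peered vs. one VPN per spoke."""
    return {"full_mesh": n * (n - 1) // 2, "hub_and_spoke": n}


def overlapping_pairs(spokes):
    """Return (name, name) pairs whose CIDRs overlap.

    Such spokes cannot both be reached through one plain route table; the hub
    appliance must translate one side's addresses before forwarding.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in spokes.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def hub_route_table(spokes):
    """Build the hub's overlay route table: one route per spoke via its VPN tunnel.

    Routes are ordered most-specific first, which is the order a router uses
    when selecting the matching entry. Tunnel names are hypothetical labels.
    """
    routes = [(ipaddress.ip_network(cidr), f"vpn-{name}") for name, cidr in spokes.items()]
    routes.sort(key=lambda r: (-r[0].prefixlen, int(r[0].network_address)))
    return [(str(net), tunnel) for net, tunnel in routes]


def next_hop(route_table, dst_ip):
    """Longest-prefix match of a destination address against the hub's table.

    Returns the tunnel name, or None when no spoke advertises the destination.
    """
    ip = ipaddress.ip_address(dst_ip)
    for cidr, tunnel in route_table:  # already longest-prefix first
        if ip in ipaddress.ip_network(cidr):
            return tunnel
    return None


if __name__ == "__main__":
    print(connection_counts(len(SPOKES)))
    print("overlaps needing NAT:", overlapping_pairs(SPOKES))
    table = hub_route_table(SPOKES)
    for entry in table:
        print(entry)
    # 10.1.200.5 is inside both prod-us-east and partner-eu; longest prefix wins,
    # so without NAT the prod half of 10.1.0.0/16 is silently unreachable.
    print(next_hop(table, "10.1.200.5"), next_hop(table, "10.1.5.5"))
```

The last lookup is the point of the overlap check: with `partner-eu` announcing a /17 inside `prod-us-east`'s /16, longest-prefix matching sends 10.1.200.5 to the partner tunnel, so half of production becomes unreachable unless the hub appliance translates one side. Running the overlap check before a new spoke is attached catches that ahead of time.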
Customers are responsible for managing the HA/redundancy of the EC2 instances that run third-party vendor virtual appliances.
Transit VPC high availability
Transit VPC vs VPC Peering
Transit Gateway
AWS Certification Practice Questions
Questions are collected via the Internet. The answers are marked according to my knowledge and understanding (which may differ from yours).
AWS services are constantly updated and the answers and questions may be out of date soon. So make sure to research accordingly.
AWS exam questions cannot be updated to keep up with AWS updates. This means that even if the underlying feature has been changed, the question may not be updated.
We welcome further feedback, discussion, and correction.

A company has deployed a near-real-time intrusion detection (IDS) solution to address increased cyber security concerns. It is essential to put a system in place as soon as possible. The architecture consists of multiple AWS accounts. All results must be delivered to one central location. How can this requirement be met?
Deploy a third-party vendor solution that performs deep packet inspection in a transit VPC.
Enable VPC Flow Logs on each VPC and stream the flow logs to a central Amazon Elasticsearch cluster.
Configure central reporting and enable Amazon Macie for each AWS account.
Enable Amazon GuardDuty, with the accounts as members of a central account.

Your company has established a VPN connection between its AWS infrastructure and its on-premises infrastructure. It has multiple VPCs and must also ensure that all traffic flows through a security VPC, which is a separate network from the on-premises infrastructure. How would you design the solution? (Select TWO)
Create a VPN connection between your on-premises environment (transit VPC) and the security VPC.