
  • Incorrect info provided for question?

  • cdt78

    Member
    April 28, 2022 at 11:31 pm

    For the question below:

    A government agency has multiple VPCs in various AWS regions across the United States that need to be linked up to an on-premises central office network in Washington, D.C. The central office requires inter-region VPC access over a private network that is dedicated to each region for enhanced security and more predictable data transfer performance. Your team is tasked to quickly build this network mesh and to minimize the management overhead to maintain these connections.
    Which of the following options is the most secure, highly available, and durable solution that you should use to set up this kind of interconnectivity?

    Your explanation regarding Direct Connect reads:

    AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS to achieve higher privacy benefits.
    1. I believe the statement above is incorrect. AWS Direct Connect, even though it is a dedicated connection and well satisfies the requirement for predictable data transfer performance, does not provide privacy by default without further configuration, such as configuring an IPsec VPN over a public VIF connecting to either a VGW IPsec endpoint or alternatively into a TGW; the solution proposed as the correct one mentions private VIFs only, and I believe this is incorrect as this does not provide end-to-end traffic encryption.
    2. Also, the requirement to quickly build this is an anti-pattern for Direct Connect (assuming the DX connections are not already in place; there is no mention that these DX connections are already in place).
    3. The proposed correct solution does not mention multiple DX connections at each DX location for meeting the HA requirement.

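The two gaps raised in the post above (a private VIF with no IPsec overlay, and a single connection per DX location) can be checked against an account's Direct Connect inventory. The following is an added example, not code from the forum post or from Tutorials Dojo; the input dicts follow the shape of boto3 `describe_connections` / `describe_virtual_interfaces` responses (assumed, trimmed to the keys used), and the sample inventory is constructed.

```python
"""Offline audit of a Direct Connect inventory for two gaps:
DX locations with a single available connection (no HA), and private/transit
VIFs on connections that carry no public VIF, i.e. no path on that connection
for an IPsec tunnel to a VGW/TGW endpoint. Dict shapes are modeled on boto3
describe_connections / describe_virtual_interfaces (assumption); data is constructed."""
from collections import Counter, defaultdict

CONNECTIONS = {"connections": [
    {"connectionId": "dxcon-aaa111", "location": "EqDC2", "connectionState": "available"},
    {"connectionId": "dxcon-bbb222", "location": "EqDC2", "connectionState": "available"},
    {"connectionId": "dxcon-ccc333", "location": "CSVA1", "connectionState": "available"},
    {"connectionId": "dxcon-ddd444", "location": "CSVA1", "connectionState": "down"},
]}
VIRTUAL_INTERFACES = {"virtualInterfaces": [
    # Private VIF to a DX gateway plus a public VIF on the same connection:
    # an IPsec overlay to a VGW/TGW endpoint can ride this connection.
    {"virtualInterfaceId": "dxvif-p1", "connectionId": "dxcon-aaa111",
     "virtualInterfaceType": "private", "directConnectGatewayId": "dxgw-01"},
    {"virtualInterfaceId": "dxvif-pub1", "connectionId": "dxcon-aaa111",
     "virtualInterfaceType": "public"},
    # Private VIF alone: dedicated line, but cleartext on the wire.
    {"virtualInterfaceId": "dxvif-p2", "connectionId": "dxcon-ccc333",
     "virtualInterfaceType": "private", "virtualGatewayId": "vgw-02"},
]}

def locations_without_redundancy(conns):
    """Locations with fewer than two available connections (single point of failure)."""
    per_location = Counter(c["location"] for c in conns["connections"]
                           if c["connectionState"] == "available")
    return sorted(loc for loc, n in per_location.items() if n < 2)

def private_vifs_without_public_path(vifs):
    """Private/transit VIFs whose connection carries no public VIF.
    Heuristic only: a public VIF makes an IPsec overlay possible; it does not
    prove that VPC traffic is actually routed through the tunnel."""
    types_by_conn = defaultdict(set)
    for vif in vifs["virtualInterfaces"]:
        types_by_conn[vif["connectionId"]].add(vif["virtualInterfaceType"])
    return sorted(vif["virtualInterfaceId"] for vif in vifs["virtualInterfaces"]
                  if vif["virtualInterfaceType"] in ("private", "transit")
                  and "public" not in types_by_conn[vif["connectionId"]])

if __name__ == "__main__":
    print("single-connection locations:", locations_without_redundancy(CONNECTIONS))
    print("private VIFs with no public VIF:",
          private_vifs_without_public_path(VIRTUAL_INTERFACES))
```

With the constructed inventory, CSVA1 is flagged because its second connection is down, and dxvif-p2 is flagged because nothing on dxcon-ccc333 can carry an IPsec tunnel.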
  • Kenneth-Samonte-Tutorials-Dojo

    Member
    April 30, 2022 at 8:54 pm

    Hi cdt78,

    Thank you for sharing your feedback on this question.

    I agree that “privacy” is not the focus by default for a Direct Connect connection. This “privacy” was in context that you have a dedicated line going to AWS, which is good for privacy because it is not shared. But this connection is not encrypted by default. I think what we should have meant here is that Direct Connect provides higher security benefits instead of privacy. Direct Connect is for dedicated and predictable network performance.

    The topic of this question is using Direct Connect to provide a reliable private network to AWS.

    From this AWS link:

    https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/

    You can have a single Direct Connect connection to link multiple VPCs.

    Also, the provisioning of AWS Direct Connect can happen as fast as within 72 hours. I believe, considering the context of this question, this is still fast. Options for dedicated private connections would be to request one from your ISP (which takes a long time too) or to set up your own fiber lines (which is expensive and takes a long time too).

    https://docs.aws.amazon.com/directconnect/latest/UserGuide/getting_started.html

    Hope this helps.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!

    Regards,

    Kenneth Samonte @ Tutorials Dojo
