I think this question is not really about Active Directory or AD Connector. A secure VPN connection is all you need in this question. The company has hardware can be used to establish an AWS S2S connection. In order to have a secure connection, the first thing you have to do is to implement a VPN connection between on-premise and target VPC. So C is the answer.

You cannot join an EC2 to On-prem AD just over the VPN. You should be having an AD connector for the same. https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/

For me it's C. No need to Managed AD Connector. We have already a VPN, so we can leverage to spend less.

B for me

Ans C. If the VPC and the on-prem network are connected, there is no need for AD Connector, it works like any other interconnected networks. The EC2s must have DNS resolution, usually those will be the AD domain controllers (which in this case are located on prem).

It is B and not C. You need to AD connector to connect to on-premises AD. Did not find any article that suggests you can connect to on-premises AD over VPN without using AD connector or Active directory trust.

B is the right answer.

C is the answer. most cost-effective.

It is C

B is the answer. C would be the cheapest option, BUT it say's they currently access over the internet. This means that they don't have DNS appliances setup. Those are not included in the answer and they also cost money, making B the only real option here.

Answer: B Keyword "AWS IAM Identity Center (AWS Single Sign-On) "

C is the cheapest option. D is possible but there are hidden cost like Windows server licensing cost for each subnet + Secrets Manager cost.

B seems cheaper than D

https://aws.amazon.com/blogs/mt/console-based-access-to-windows-instances-using-aws-systems-manager-fleet-manager/

D is the cheapest option: | A | AWS Directory Service for Microsoft Active Directory: $0.90 per directory per month + EC2 instance: $0.006 per hour | | B | AWS IAM Identity Center: $0.25 per user per month + AWS Directory Service for Microsoft Active Directory AD Connector: $0.25 per directory per month + AWS Systems Manager: $0.033 per hour per instance | | C | VPN connection: Varies depending on the provider and the type of VPN connection + Target instances: $0.006 per hour per instance | | D | AWS Directory Service for Microsoft Active Directory: $0.90 per directory per month + Remote Desktop Gateway Quick Start: No additional cost |

The correct answer is D - Remote Desktop Gateway for remote access to EC2 using quick start (https://docs.aws.amazon.com/quickstart/latest/rd-gateway/welcome.html) - Managed AD -> On premise AD using Trust Relationship Centralised user management and leverages the existing hardware to establish an AWS Site-to-Site VPN connection.

S2S VPN ($36 p/m) is cheaper than using AD Connector (36.50 p/m)