Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 361 discussion

A software as a service (SaaS) company uses AWS to host a service that is powered by AWS PrivateLink. The service consists of proprietary software that runs on three Amazon EC2 instances behind a Network Load Balancer (NLB). The instances are in private subnets in multiple Availability Zones in the eu-west-2 Region. All the company's customers are in eu-west-2.

However, the company now acquires a new customer in the us-east-1 Region. The company creates a new VPC and new subnets in us-east-1. The company establishes inter-Region VPC peering between the VPCs in the two Regions.

The company wants to give the new customer access to the SaaS service, but the company does not want to immediately deploy new EC2 resources in us-east-1.

Which solution will meet these requirements?

  • A. Configure a PrivateLink endpoint service in us-east-1 to use the existing NLB that is in eu-west-2. Grant specific AWS accounts access to connect to the SaaS service.
  • B. Create an NLB in us-east-1. Create an IP target group that uses the IP addresses of the company's instances in eu-west-2 that host the SaaS service. Configure a PrivateLink endpoint service that uses the NLB that is in us-east-1. Grant specific AWS accounts access to connect to the SaaS service.
  • C. Create an Application Load Balancer (ALB) in front of the EC2 instances in eu-west-2. Create an NLB in us-east-1. Associate the NLB that is in us-east-1 with an ALB target group that uses the ALB that is in eu-west-2. Configure a PrivateLink endpoint service that uses the NLB that is in us-east-1. Grant specific AWS accounts access to connect to the SaaS service.
  • D. Use AWS Resource Access Manager (AWS RAM) to share the EC2 instances that are in eu-west-2. In us-east-1, create an NLB and an instance target group that includes the shared EC2 instances from eu-west-2. Configure a PrivateLink endpoint service that uses the NLB that is in us-east-1. Grant specific AWS accounts access to connect to the SaaS service.
Show Suggested Answer Hide Answer
Suggested Answer: D ūüó≥ÔłŹ

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
devalenzuela86
Highly Voted 6 months, 3 weeks ago
Selected Answer: A
A Explanation: * Configuring a PrivateLink endpoint service in us-east-1 to use the existing NLB that is in eu-west-2 will allow the new customer to access the SaaS service without deploying new EC2 resources in us-east-1 1. * Granting specific AWS accounts access to connect to the SaaS service will ensure that only authorized users can access the service 1.
upvoted 13 times
abhitricanada
5 months, 1 week ago
Answer is A because ... VPC peering between the VPCs in the two Regions already done & company does not want to immediately deploy new EC2 resources in us-east-1, later on company will change the architecture
upvoted 1 times
...
Pilot
6 months, 2 weeks ago
Network Load Balancers now support connections from clients to IP-based targets in peered VPCs across different AWS Regions. Previously, access to Network Load Balancers from an inter-region peered VPC was not possible. With this launch, you can now have clients access Network Load Balancers over an inter-region peered VPC. Network Load Balancers can also load balance to IP-based targets that are deployed in an inter-region peered VPC. This support on Network Load Balancers is available in all AWS Regions. https://aws.amazon.com/about-aws/whats-new/2018/10/network-load-balancer-now-supports-inter-region-vpc-peering/ NLB support client from different region, I think A is correct.
upvoted 4 times
...
...
heatblur
Highly Voted 6 months, 2 weeks ago
Selected Answer: B
The best option among these is B. While it introduces some complexity, it's the most viable solution that aligns with AWS capabilities and the company's requirements. Creating an NLB in us-east-1 and targeting the IP addresses of the existing instances in eu-west-2 is a feasible approach. This setup allows the company to use their existing infrastructure in eu-west-2 while providing access to the customer in us-east-1 through the PrivateLink endpoint service in us-east-1. This avoids the immediate need to deploy new EC2 resources in the us-east-1 region. It can't be A because AWS PrivateLink endpoint services cannot span regions. They are region-specific, so an endpoint service in us-east-1 cannot directly use an NLB located in eu-west-2.
upvoted 11 times
SKS
2 months, 1 week ago
Wrong on part where private link support for inter region vpc peering . https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 3 times
...
liquen14
3 months, 1 week ago
I was unable to find documentation saying that an AWS PrivateLink endpoint requires the NLB to be in the same region but if you go to the console for instance here: https://eu-west-1.console.aws.amazon.com/vpcconsole/home?region=eu-west-1#CreateVpcEndpointServiceConfiguration: try to create an endpoint service and you don't have a NLB there the console explicitly states: "No Network Load Balancers or Gateway Load Balancers available in this Region." so for me A in invalid
upvoted 2 times
...
ayadmawla
6 months, 1 week ago
But the company has establishing Inter-Region VPC Peering so the endpoint would work
upvoted 2 times
...
...
qaz12wsx
Most Recent 1 month, 1 week ago
Selected Answer: A
a because of this https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 1 times
...
seetpt
1 month, 1 week ago
Selected Answer: A
A for me
upvoted 1 times
...
TonytheTiger
1 month, 3 weeks ago
Selected Answer: A
Option A : you don't need to create a new NLB in the us-east-1. Read the link below for Inter-Region access to endpoint service . https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/use-case-examples.html#inter-region-endpoint-services
upvoted 3 times
...
titi_r
2 months ago
Selected Answer: A
A - correct.
upvoted 2 times
...
tushar321
2 months ago
A. A looks to be right answer
upvoted 1 times
...
VerRi
2 months, 2 weeks ago
Selected Answer: A
AWS PrivateLink now supports access over Inter-Region VPC Peering since 2018. https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 2 times
...
mav3r1ck
2 months, 2 weeks ago
Selected Answer: B
This is the use case: https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/use-case-examples.html#inter-region-endpoint-services
upvoted 2 times
...
yog927
3 months ago
It is A. For all those saying can not access PrivateLink endpoint service across region. "This release makes it possible for customers to privately connect to a service even if the service endpoint resides in a different AWS Region." https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/
upvoted 3 times
...
sat2008
3 months, 2 weeks ago
Selected Answer: B
When you create PrivateLink endpoint service in us-east-1 you also need a NLB to handle traffic flow between target NLB . So A doesn't seem to be a complete answer
upvoted 1 times
...
bjexamprep
3 months, 3 weeks ago
Selected Answer: B
Private link endpoint service can only use the NLB in the same region. So A is wrong.
upvoted 2 times
...
adelynllllllllll
3 months, 4 weeks ago
A: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
upvoted 1 times
...
ele
3 months, 4 weeks ago
Selected Answer: A
A: AWS PrivateLink endpoints can now be accessed across both intra- and inter-region VPC peering connections. https://aws.amazon.com/about-aws/whats-new/2019/03/aws-privatelink-now-supports-access-over-vpc-peering/
upvoted 3 times
...
marszalekm
4 months ago
Selected Answer: A
https://repost.aws/questions/QU4qk3TdeBTyqZ-vcvODn84w/private-link-cross-region-cross-account-support
upvoted 2 times
...
pri32
4 months ago
Selected Answer: A
B will also work but unnecessaey complexities
upvoted 3 times
...
saggy4
4 months, 1 week ago
Selected Answer: A
A- Private link supports access over inter region vpc peering
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...