Exam AWS Certified Solutions Architect - Professional topic 1 question 224 discussion

DynamoDB cannot be put in VPC, but can use VPC endpoints now for VPC EC2 to access since 2017.

A is the only feasible solution, but definitely not a good or recommended solution.

B. The organization should only use a DynamoDB because by default it is always a part of the default subnet provided by AWS.

A is correct Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Currently VPC does not support DynamoDB. Thus, if the user wants to implement VPC, he has to setup his own NoSQL DB within the VPC. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html

Feasible solution A . But there is another way to achieve security and performance through VPC endpoints.VPC endpoints for DynamoDB make it possible to define a secure path to access DynamoDB from a VPC. It even enables Amazon EC2 instances in a VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Ref :https://dynobase.dev/dynamodb-vpc/

A. The organization should setup their own NoSQL cluster on the AWS instance and configure route tables and subnets.

One more replenishments with respect to the VPC Gateway Endpoint. As of today (Nov 2020), both S3 and DynamoDB are touched via the public range. When those two Gateway Endpoints associated with the route table(s), you will see their public range respectively.