Questions 58 to 60

Explanations for questions 58 to 60


Question 58

An organization in the health industry needs to create an application that will transmit protected health data to thousands of service consumers in different AWS accounts. The application servers are run on EC2 instances in private VPC subnets. The routing for the application must be fault-tolerant.

What should be done to meet these requirements?

  1. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs.
  2. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.
  3. Create a VPC endpoint service, and grant permissions to specific service consumers to create a connection.
  4. Create an internal Application Load Balancer in the service provider VPC, and put application servers behind it.

Correct Answer: 3

Explanation: The application has to be offered as a service to consumers in other AWS accounts. This is a good use case for a VPC endpoint service powered by AWS PrivateLink (referred to as an endpoint service). Other AWS principals can then create a connection from their VPC to your endpoint service using an interface VPC endpoint.

You act as the service provider and offer the service to the service consumers. This configuration uses a Network Load Balancer and can be made fault-tolerant by configuring multiple subnets in which the EC2 instances run.
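The provider side of option 3 can be expressed as a CloudFormation template. This is an added example, not part of the original question set; the consumer account IDs, the TCP 443 listener port and all logical names are assumptions chosen for illustration.

```yaml
# Added example: provider side of a PrivateLink endpoint service.
# Account IDs are constructed placeholders; port 443 is an assumption.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PrivateSubnetA: {Type: "AWS::EC2::Subnet::Id"}   # private subnet, first AZ
  PrivateSubnetB: {Type: "AWS::EC2::Subnet::Id"}   # private subnet, second AZ
  ConsumerPrincipals:
    Type: CommaDelimitedList
    Default: "arn:aws:iam::111111111111:root,arn:aws:iam::222222222222:root"
Resources:
  ServiceNlb:                      # internal NLB spanning both subnets
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal
      Subnets: [!Ref PrivateSubnetA, !Ref PrivateSubnetB]
  AppTargets:                      # EC2 application servers register here
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 443
      TargetType: instance
  AppListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ServiceNlb
      Protocol: TCP
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AppTargets
  EndpointService:                 # the PrivateLink endpoint service
    Type: AWS::EC2::VPCEndpointService
    Properties:
      AcceptanceRequired: true     # provider approves each connection request
      NetworkLoadBalancerArns: [!Ref ServiceNlb]
  EndpointServicePermissions:      # only listed principals may connect
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref EndpointService
      AllowedPrincipals: !Ref ConsumerPrincipals
Outputs:
  EndpointServiceId:
    Value: !Ref EndpointService
```

Each allowed consumer then creates an interface VPC endpoint in its own VPC that points at this service; no route tables, gateways or peering links are shared between the accounts.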

The following diagram depicts a similar architecture:
