Design Solutions for Organizational Complexity I
Explore how to architect scalable and secure AWS solutions for complex organizations. Learn strategies for global segmentation, hybrid connectivity using Direct Connect, centralized route management, and traffic inspection leveraging AWS services like Transit Gateway and Network Firewall. This lesson equips you to design architectures that reduce operational overhead while maintaining security and isolation across multiple accounts and regions.
We'll cover the following...
Question 1
A multinational insurer operates 250 VPCs across eight AWS Regions and many AWS accounts. The network is separated into production, non-production, PCI, and shared-services environments. The company needs global segmentation, a centralized routing policy, hybrid connectivity to two data centers through AWS Direct Connect, and regional inspection VPCs that run AWS Network Firewall. Which architecture best reduces route management overhead while preserving isolation and hybrid routing?
A. Use AWS Cloud WAN as the global core network with separate policy-based segments for production, non-production, PCI, and shared services. Attach VPCs directly where appropriate, integrate with or peer regional Transit Gateways for hub-and-spoke routing, connect the Transit Gateways to a Direct Connect gateway through transit VIFs, and control route propagation to regional inspection VPCs.
B. Create a full mesh of VPC peering connections between all VPCs and attach private VIFs from each data center to the most important VPCs. Use VPC route tables in each account to manually route traffic through the closest inspection VPC.
C. Deploy one Transit Gateway in each Region and connect the Regions using Transit Gateway inter-Region peering only. Manage static routes independently in every Transit Gateway route table and VPC route table for each ...