SAP-C02 · Question #728
The correct answer is B: Turn on automatic acceptance for the transit gateway in the shared services account. Use AWS.
Question
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company hosts some applications in a VPC in the company's shared services account. The company has attached a transit gateway to the VPC in the shared services account. The company is developing a new capability and has created a development environment that requires access to the applications that are in the shared services account. The company intends to delete and recreate resources frequently in the development account. The company also wants to give a development team the ability to recreate the team's connection to the shared services account as required. Which solution will meet these requirements?
Options
- A. Create a transit gateway in the development account. Create a transit gateway peering request to
- B. Turn on automatic acceptance for the transit gateway in the shared services account. Use AWS
- C. Turn on automatic acceptance for the transit gateway in the shared services account. Create a
- D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that accepts the transit
Explanation
To let a development account frequently connect its VPCs to a shared services account's transit gateway with minimal friction, the shared services account should enable automatic attachment acceptance on its transit gateway and use AWS Resource Access Manager (RAM) to share the transit gateway with the development account. The development team can then create new attachments on its own, and those attachments are accepted automatically.
Common mistakes.
- A. Creating a transit gateway in the development account and then creating a peering request to the shared services account's transit gateway is incorrect. For this use case the VPCs attach to a transit gateway; peering two transit gateways is not needed and adds unnecessary complexity.
- C. This option incorrectly suggests sharing a new transit gateway from the development account with the shared services account, rather than sharing the existing shared services transit gateway with the development account.
- D. While EventBridge and Lambda can automate acceptance, simply enabling automatic acceptance directly on the Transit Gateway is a native, simpler, and more operationally efficient solution for this specific requirement without needing custom code.
Concept tested. AWS Transit Gateway attachment acceptance and AWS RAM
Reference. https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-attachments.html#tgw-auto-accept