Which service provides a virtual private network connection between an on-premises network and an AWS VPC?

  A. AWS Transit Gateway
  B. AWS Direct Connect
  C. VPC Peering
  D. AWS Site-to-Site VPN ✓

Correct answer: AWS Site-to-Site VPN

Option D is correct because AWS Site-to-Site VPN creates an IPsec-encrypted tunnel over the public internet between a customer gateway on the on-premises side and a virtual private gateway or Transit Gateway on the AWS side, providing a virtual private network connection to a VPC.

Option A is wrong because AWS Transit Gateway is a network transit hub that connects multiple VPCs and on-premises networks together, but it requires either Site-to-Site VPN or Direct Connect as the underlying transport to reach on-premises networks.

Option B is wrong because AWS Direct Connect is a dedicated private physical network connection from an on-premises data center to AWS, not a VPN; it does not use the public internet and is a distinct service from VPN.

Option C is wrong because VPC Peering connects two VPCs within or across AWS accounts and regions, but it cannot be used to connect an on-premises network to AWS.

Topic: site-to-site vpn, vpc connectivity, ipsec, hybrid networking
