A company has an on-premises data center connected to AWS through a single AWS Direct Connect connection. The company requires encrypted connectivity between on-premises and their VPC. The current Direct Connect connection provides 1 Gbps of bandwidth, and the company cannot tolerate any single point of failure. A solutions architect needs to design a solution that provides both encryption and high availability. Which approach should the solutions architect take?
Show answerHide answer
A Site-to-Site VPN over Direct Connect (through a transit VIF and Transit Gateway) provides IPsec encryption for all traffic traversing the Direct Connect connection. Adding a second Direct Connect connection at a different location eliminates the single point of failure. This provides both encryption and high availability. Transit Gateway supports both VPN and Direct Connect attachments.