application can connect to the Kinesis Data Stream without leaving the AWS private network and does not use the public internet by any means. Which of the following solutions is ideal for the given scenario?
1. You will be creating an IPSec VPN connection.
2. You will be using NAT instances.
3. You will be removing the Internet Gateway from the private subnet.
4. You will be using a VPC peering connection.
5. You will be using a VPC endpoint connection.
Correct Answer : 5 Exp : The question asks how an application in a private subnet of a VPC can communicate with Kinesis Data Streams without its traffic ever leaving the AWS network.
Option-1: A Site-to-Site (IPSec) VPN connection is built over the public internet. The tunnel is encrypted, but the packets still traverse the internet, so the requirement is not met. Hence, this cannot be the answer.
Option-2: NAT instances exist to let EC2 instances in a private subnet reach the internet (outbound only); the traffic would go to the public Kinesis endpoint over the internet. Hence, not a correct choice.
Option-3: An Internet Gateway is attached to the VPC, not to a subnet; a subnet is private precisely because its route table has no route to an Internet Gateway. "Removing the Internet Gateway from the private subnet" is therefore not a meaningful statement, and detaching it at the VPC level would not create any path to Kinesis. Hence, it cannot be a correct choice.
Option-4: VPC peering establishes a private connection between two VPCs without using the public internet. That sounds close, but Kinesis Data Streams is a regional AWS service, not a workload in a VPC you could peer with, so peering gives no path to it. Before concluding, let us see the next option.
Option-5: With a VPC endpoint, traffic between your VPC and the AWS service stays on the AWS network. A VPC endpoint is created for a specific AWS service and does not require an Internet Gateway, NAT device, VPN connection, or AWS Direct Connect (a costly solution). Kinesis Data Streams supports interface endpoints, which are powered by AWS PrivateLink: an Elastic Network Interface (ENI) with a private IP address from your subnet is placed in your VPC, and with private DNS enabled the application keeps using the normal service hostname, which now resolves to that private IP. Attach a security group to the ENI that allows TCP 443 only from the application, and an endpoint policy that limits access to the intended stream and role; the default endpoint policy allows full access, which would turn the endpoint into an unrestricted path to every stream in the Region. Hence, this option is the correct one.
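The two things worth verifying once the interface endpoint exists are that the service hostname really resolves to private addresses inside the VPC (otherwise the application is still going out over the internet), and that the endpoint policy is not the default "Allow *". The following script is an added example, not part of the original question or an AWS tool; the VPC CIDR, DNS answers, account ID, role, and stream name are all constructed samples, and the endpoint-policy checker is a simple custom audit rather than an AWS API.

```python
"""Sanity checks for a Kinesis Data Streams interface endpoint (added example).

Two properties make the endpoint solution both private and least-privilege:
  1. Private DNS: inside the VPC, kinesis.<region>.amazonaws.com must resolve to
     the endpoint ENI's private IPs, i.e. addresses inside the VPC CIDR.
  2. An endpoint policy that only lets the application's role reach the intended
     stream, instead of the default "Allow *" policy AWS attaches.
All identifiers below (CIDR, IPs, account, stream, role) are constructed samples.
"""
import ipaddress
import json

VPC_CIDR = "10.20.0.0/16"  # constructed sample VPC CIDR

# Constructed: what an instance in the private subnet would get from
# `dig kinesis.us-east-1.amazonaws.com` with private DNS enabled (first list)
# versus without it (second list, public AWS addresses).
PRIVATE_DNS_ANSWER = ["10.20.1.47", "10.20.2.213"]
PUBLIC_DNS_ANSWER = ["52.94.0.10", "52.94.0.11"]

# Least-privilege endpoint policy with constructed identifiers.
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleToOrdersStreamOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/orders-producer"},
        "Action": ["kinesis:PutRecord", "kinesis:PutRecords", "kinesis:DescribeStream"],
        "Resource": "arn:aws:kinesis:us-east-1:111122223333:stream/orders",
    }],
}

# The default policy AWS attaches to an endpoint when you do not supply one.
DEFAULT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}],
}


def resolves_privately(answers, vpc_cidr=VPC_CIDR):
    """True only if every resolved address lies inside the VPC, i.e. the service
    name points at the endpoint ENIs rather than at public AWS addresses."""
    net = ipaddress.ip_network(vpc_cidr)
    return bool(answers) and all(ipaddress.ip_address(a) in net for a in answers)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_findings(policy):
    """Return least-privilege violations in an endpoint policy: any Allow
    statement whose Principal, Action, or Resource is a wildcard."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{i}]")
        principal = st.get("Principal")
        principals = (_as_list(principal.get("AWS", [])) if isinstance(principal, dict)
                      else _as_list(principal))
        if any(p == "*" for p in principals):
            findings.append(f"{sid}: wildcard Principal")
        if any(a in ("*", "kinesis:*") for a in _as_list(st.get("Action", []))):
            findings.append(f"{sid}: wildcard Action")
        if any(r == "*" for r in _as_list(st.get("Resource", []))):
            findings.append(f"{sid}: wildcard Resource")
    return findings


if __name__ == "__main__":
    print("private DNS answer stays in VPC:", resolves_privately(PRIVATE_DNS_ANSWER))
    print("public DNS answer stays in VPC: ", resolves_privately(PUBLIC_DNS_ANSWER))
    print("default policy findings:", policy_findings(DEFAULT_POLICY))
    print("hardened policy findings:", policy_findings(ENDPOINT_POLICY))
    print(json.dumps(ENDPOINT_POLICY, indent=2))  # usable as --policy-document
```

The printed policy can be passed to `aws ec2 create-vpc-endpoint --vpc-endpoint-type Interface --service-name com.amazonaws.<region>.kinesis-streams --private-dns-enabled --policy-document file://policy.json` along with the private subnet and a security group that allows TCP 443 from the application only; the DNS check is what you would run from the instance afterwards to confirm the hostname now resolves to the endpoint ENIs.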