Amazon Exam ANS-C01 Topic 6 Question 34 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 34
Topic #: 6

An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the 'Remote' (receiving) account are already in place.

The template below creates the VPC peering connection in the Originating account. It contains these components:

AWSTemplateFormation Version: 2010-09-09

Parameters:

Originating VCId:

Type: String

RemoteVPCId:

Type: String

RemoteVPCAccountId:

Type: String

Resources:

newVPCPeeringConnection:

Type: 'AWS::EC2::VPCPeeringConnection'

Properties:

VpcdId: !Ref OriginatingVPCId

PeerVpcId: !Ref RemoteVPCId

PeerOwnerId: !Ref RemoteVPCAccountId

Which additional AWS CloudFormation components are necessary in the Originating account to create an operational cross-account VPC peering connection with AWS CloudFormation? (Select two.)

AResources:NewEC2SecurityGroup:Type: AWS::EC2::SecurityGroup

BResources:NetworkInterfaceToRemoteVPC:Type: ''AWS::EC2NetworkInterface''

CResources:newEC2Route:Type: AWS::EC2::Route

DResources:VPCGatewayToRemoteVPC:Type: ''AWS::EC2::VPCGatewayAttachment''

EResources:newVPCPeeringConnection:Type: 'AWS::EC2VPCPeeringConnection'PeerRoleArn: !Ref PeerRoleArn

Show Suggested Answer

Suggested Answer: C, E

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_EC2.html

by Leah at Aug 27, 2024, 04:29 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Juan

3 months ago

I'm surprised option A isn't one of the correct answers. You'd think you'd need a security group to allow traffic between the VPCs, but I guess the peering connection takes care of that.

upvoted 0 times

Lai

2 months ago

The AWS CloudFormation template already includes the necessary components for creating the cross-account VPC peering connection.

upvoted 0 times

...

Lindsay

2 months ago

The VPC peering connection allows communication between the VPCs without the need for a separate security group.

upvoted 0 times

...

Dana

2 months ago

Option A is not needed because the VPC peering connection handles the traffic between VPCs.

upvoted 0 times

...

Paris

3 months ago

Haha, I can already see someone choosing option B and trying to create a 'NetworkInterfaceToRemoteVPC' - that's just not how it works!

upvoted 0 times

Jesus

2 months ago

That makes sense, we need to focus on creating a new route and attaching a VPC gateway for the peering connection.

upvoted 0 times

...

Malcom

2 months ago

I think the necessary components are actually option C and option D.

upvoted 0 times

...

Mari

2 months ago

Yeah, creating a 'NetworkInterfaceToRemoteVPC' wouldn't help in setting up a VPC peering connection.

upvoted 0 times

...

Iluminada

2 months ago

I agree, option B is definitely not the right choice here.

upvoted 0 times

...

Elliott

3 months ago

But option A is for creating a security group, not for VPC peering connection.

upvoted 0 times

...

Theola

3 months ago

You're right, I misunderstood the question. Option E is definitely needed for the VPC peering connection.

upvoted 0 times

...

Julianna

3 months ago

I'm not sure why option E is there, it doesn't seem relevant to the question. But yeah, C and D are the right answers.

upvoted 0 times

Vicki

2 months ago

Yeah, you're right. Options C and D are the necessary components for creating the connection.

upvoted 0 times

...

Blythe

3 months ago

I think option E is not needed for creating a VPC peering connection.

upvoted 0 times

...

Levi

3 months ago

The correct answers are C) Resources:newEC2Route:Type: AWS::EC2::Route and D) Resources:VPCGatewayToRemoteVPC:Type: ''AWS::EC2::VPCGatewayAttachment''. These components are necessary to create routing between the two VPCs and establish the peering connection.

upvoted 0 times

Avery

3 months ago

That makes sense, those components are essential for setting up the VPC peering connection between the two accounts.

upvoted 0 times

...

Tamekia

3 months ago

I think the additional components needed are Resources:newEC2Route:Type: AWS::EC2::Route and Resources:VPCGatewayToRemoteVPC:Type: ''AWS::EC2::VPCGatewayAttachment''

upvoted 0 times

...

Theola

3 months ago

I disagree, I believe option A and E are the correct components needed.

upvoted 0 times

...

Elliott

3 months ago

I think option C and D are necessary for creating the VPC peering connection.

upvoted 0 times

...