You are working as an AWS Architect for an IT Company. Your Company is using EC2 instances in multiple VPCs spanning Availability Zones in (US-EAST-1) Region. The Development Team has deployed a new Intranet application that needs to be accessed via VPC. You need to make sure that the connectivity to this particular application uses the internal AWS network between different VPCs, and the solution is highly scalable and secure. Which of the following solution would you recommend?

Answer options:

A.Attach an Internet Gateway to all the VPCs at the "US-EAST-1" region and allow all users to access this application over the internet.
B.Deploy Network Load Balancers along with VPC endpoint service (AWS PrivateLink) to establish connectivity between the VPC`s in the "US-EAST-1" region.
C.Use the VPC Gateway Endpoint service between all the VPCs at the "US-EAST-1" region to provide connectivity between users & servers.
D.Create a VPN between instances at the various VPCs in "US-EAST-1" region to establish connectivity.

Correct Answer – B
AWS PrivateLink provides secure private connectivity for services between separate VPC’s. For this, Network Load Balancers can be used in service provider while Elastic Network Interface is created in service, consuming VPC. Using DNS, service provider service is resolved to the local IP address assigned to Elastic Network Interface which will forward all traffic to the Network Load Balancer in the provider network. Network Load Balancer will perform a source NAT for all traffic & forward it to the provider instance.
Option A is incorrect. Using the Internet to establish connectivity between users & servers will not be a highly secure solution.
Option C is incorrect. VPC Gateway Endpoint service is for S3 and DynamoDB, which is unsuitable for this scenario.
Option D is incorrect as VPN connectivity between the instance of various VPCs will not be a scalable solution.
For more information on AWS PrivateLink, refer to the following URL:
https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html
Accessing Services Through AWS Private Links:
AWS PrivateLink is a highly available, scalable technology that enables you to connect your VPC to supported AWS services privately, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services. You do not require an internet gateway, NAT device, public IP address, AWS Direct Connect connection, or AWS Site-to-Site VPN connection to communicate with the service. The traffic between your VPC and the service does not leave the Amazon network.
To use AWS PrivateLink, create an interface VPC endpoint for a service in your VPC. This creates an elastic network interface in your subnet with a private IP address that serves as an entry point for the traffic, destined to the service. For more information, see VPC Endpoints.
You can create your own AWS PrivateLink-powered service (endpoint service) and enable other AWS customers to access your service. For more information, see VPC Endpoint Services (AWS PrivateLink).
For more information, refer to the following URLs:
https://aws.amazon.com/privatelink/
https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html#what-is-privatelink