A company is designing a multi-VPC architecture in the same region. The VPCs need to communicate with each other using private IP addresses. The company must minimize cost and operational overhead. Which solution should the company use?
VPC peering is simple, low-cost, and uses private IPs.
Why this answer
Option C is correct because VPC peering connections provide direct, private IP connectivity between VPCs over the AWS global network, with no bandwidth bottlenecks or single points of failure. It is the most cost-effective solution for a small number of VPCs (e.g., fewer than 10): there are no hourly charges for the peering connection itself, only data transfer costs. It also minimizes operational overhead compared to managing VPN tunnels or a Transit Gateway, because peering is a simple, one-to-one relationship that requires no additional appliances or complex routing policies.
Exam trap
The trap here is that candidates often choose Transit Gateway (Option D) because it is a modern, centralized solution, but they overlook the specific constraint of minimizing cost and operational overhead for a small number of VPCs, where VPC peering is simpler and cheaper.
How to eliminate wrong answers
Option A is wrong because AWS Site-to-Site VPN connections require a virtual private gateway on each VPC and incur hourly charges per VPN connection, plus data transfer costs, making it more expensive and operationally complex than VPC peering for intra-region VPC communication. Option B is wrong because ClassicLink is a legacy feature that only allows EC2 instances in the EC2-Classic platform to communicate with VPCs using private IPs; it does not support connecting multiple VPCs together and has been deprecated for most use cases. Option D is wrong because while a Transit Gateway simplifies routing for many VPCs, it incurs an hourly attachment fee per VPC and data transfer costs, which is unnecessary overhead for a small number of VPCs that can be directly peered at lower cost.