AWS Certified Advanced Networking Specialty Practice Exam

Which statement about AWS PrivateLink is true for solutions requiring service access?

• A. It allows service VPCs to initiate connections to spoke VPCs
• B. It can be used in both request and response situations
• C. It is suitable for direct service requests only from the consumer VPC
• D. It enables traffic management for VPC peering

The correct answer is: It is suitable for direct service requests only from the consumer VPC

AWS PrivateLink is a service that simplifies the security of data shared between VPCs and services by providing private connectivity. When evaluating the statements, the one that accurately describes PrivateLink’s capabilities is that it is suitable for direct service requests only from the consumer VPC. The essence of AWS PrivateLink is that it allows a consumer VPC to access services hosted in another VPC, often referred to as the service VPC, while maintaining the traffic within the AWS network rather than routing it over the public internet. This means that the connections are initiated from the consumer VPC, ensuring that the service consumer is the one making requests. This direct service request focus helps minimize exposure to the public internet and ensures security and performance by leveraging AWS's private backbone. Consequently, while it allows traffic to flow securely between VPCs, it does not facilitate services initiating requests back to the consumer, which restricts the operation to a more controlled request-response transaction structure. As a result, PrivateLink is tailored for scenarios where services are consumed directly from the VPC, thereby emphasizing the importance of this particular statement regarding its functionality.