AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct solution is to use a Transit Gateway with a Site-to-Site VPN connection and enable Equal-Cost Multi-Path (ECMP) routing. An individual AWS Site-to-Site VPN tunnel has a maximum throughput of 1.25 Gbps. To meet the 2 Gbps requirement, traffic must be load-balanced across multiple tunnels. A Transit Gateway supports ECMP on VPN attachments, which allows it to load-balance traffic across two or more tunnels to the same destination, thereby aggregating their bandwidth. This configuration also provides high availability, as the failure of one tunnel will not disrupt connectivity. Using a Transit Gateway is also a scalable solution for connecting additional VPCs in the future.

A Virtual Private Gateway (VGW) supports two tunnels for high availability, but it operates in an active/passive configuration and does not support ECMP. Therefore, it cannot aggregate bandwidth beyond the 1.25 Gbps limit of a single active tunnel. An Accelerated Site-to-Site VPN improves performance by reducing latency over the public internet but does not increase the maximum bandwidth of a VPN tunnel. While deploying a software-based VPN on EC2 instances is technically possible, it introduces significant management overhead and is not the AWS-native, fully managed, and scalable solution that Transit Gateway provides.