What should a solutions architect recommend to accomplish this?
Put the EC2 instances behind Network Load Balancers (NLBs) in each Region. Deploy AWS WAF on the NLBs. Create an accelerator using AWS Global Accelerator and register the NLBs as endpoints.
Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Deploy AWS WAF on the ALBs. Create an accelerator using AWS Global Accelerator and register the ALBs as endpoints.
Put the EC2 instances behind Network Load Balancers (NLBs) in each Region. Deploy AWS WAF on the NLBs. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the NLBs.
Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs. Deploy AWS WAF on the CloudFront distribution.
Explanations:
Network Load Balancers (NLBs) operate at the transport layer (Layer 4), so application-layer security controls such as AWS WAF cannot be attached to them. Pairing Global Accelerator with NLBs therefore does not meet the requirement to protect the application against web exploits.
Application Load Balancers (ALBs) operate at the application layer (Layer 7) and support AWS WAF for protection against web exploits. AWS Global Accelerator improves availability and performance by routing user traffic to the nearest healthy ALB endpoint, and it provides static IP addresses.
While NLBs handle TCP traffic efficiently, they do not support AWS WAF, which is essential for protecting against web exploits. In addition, placing CloudFront in front of NLBs does not take advantage of application-layer features and is not optimal for an HTTP-based application.
Although ALBs provide application-layer capabilities and can use AWS WAF, routing through CloudFront with Route 53 latency-based routing adds complexity without the benefits of Global Accelerator. Global Accelerator is the better fit for providing static IPs and optimal routing.