Which solution will meet these requirements with the LEAST administrative overhead?
Create an inspection VPC. Deploy an AWS Network Firewall firewall to the inspection VPC. Attach the inspection VPC to a new transit gateway. Route VPC-to-VPC traffic to the inspection VPC. Apply firewall rules to allow only HTTPS communication.
Create a VPC Lattice service network. Associate the microservices with the service network. Define HTTPS listeners for each service. Register microservice compute resources as targets. Identify VPCs that need to communicate with the services. Associate those VPCs with the service network.
Create a Network Load Balancer (NLB) with an HTTPS listener and target groups for each microservice. Create an AWS PrivateLink endpoint service for each microservice. Create an interface VPC endpoint in each VPC that needs to consume that microservice.
Create peering connections between VPCs that contain microservices. Create a prefix list for each service that requires a connection to a client. Create route tables to route traffic to the appropriate VPC. Create security groups to allow only HTTPS communication.
Explanations:
While creating an inspection VPC with an AWS Network Firewall firewall can control traffic, it adds significant complexity and administrative overhead. This solution requires management of the transit gateway attachments, route tables, and firewall rules, making it less efficient for service-to-service communication compared to other options.
VPC Lattice provides a managed service network that allows microservices to communicate securely over HTTPS with minimal configuration: services are registered once, HTTPS listeners enforce the protocol, and consuming VPCs are simply associated with the service network. It supports service discovery and requires less overhead for managing VPCs, routing, and traffic than the other options, making it the most efficient choice for the described scenario.
Using a Network Load Balancer with AWS PrivateLink introduces more complexity by requiring multiple endpoint services and interface endpoints for each microservice. This increases the administrative burden and configuration management compared to a centralized service network.
Managing VPC peering connections, prefix lists, and route tables becomes cumbersome as the number of microservices and accounts grows. This solution involves manual configuration that leads to higher administrative overhead, which does not meet the requirement for minimal management.