Which solution will meet these requirements?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company is serving files to its customers through an SFTP server that is accessible over the internet.The SFTP server is running on a single Amazon EC2 instance with an Elastic IP address attached.Customers connect to the SFTP server through its Elastic IP address and use SSH for authentication.The EC2 instance also has an attached security group that allows access from all customer IP addresses.A solutions architect must implement a solution to improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files.The solution must not change the way customers connect.

Which solution will meet these requirements?

Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a publicly accessible endpoint. Associate the SFTP Elastic IP address with the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.

Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.

Disassociate the Elastic IP address from the EC2 instance. Create a new Amazon Elastic File System (Amazon EFS) file system to be used for SFTP file hosting. Create an AWS Fargate task definition to run an SFTP server. Specify the EFS file system as a mount in the task definition. Create a Fargate service by using the task definition, and place a Network Load Balancer (NLB) in front of the service. When configuring the service, attach the security group with customer IP addresses to the tasks that run the SFTP server. Associate the Elastic IP address with the NLB. Sync all files from the SFTP server to the S3 bucket.

Disassociate the Elastic IP address from the EC2 instance. Create a multi-attach Amazon Elastic Block Store (Amazon EBS) volume to be used for SFTP file hosting. Create a Network Load Balancer (NLB) with the Elastic IP address attached. Create an Auto Scaling group with EC2 instances that run an SFTP server. Define in the Auto Scaling group that instances that are launched should attach the new multi-attach EBS volume. Configure the Auto Scaling group to automatically add instances behind the NLB. Configure the Auto Scaling group to use the security group that allows customer IP addresses for the EC2 instances that the Auto Scaling group launches. Sync all files from the SFTP server to the new multi-attach EBS volume.

Explanations:

This option suggests using AWS Transfer Family with a publicly accessible endpoint, which is not compatible with the requirement of maintaining customer access through the same Elastic IP. Additionally, the Transfer Family server would need to be set up correctly to ensure SFTP functionality, but it doesn’t specify the necessary security configurations.

This option creates an AWS Transfer Family server with a VPC-hosted, internet-facing endpoint while associating the existing Elastic IP. It allows for secure SFTP file hosting on S3, meets availability requirements, and minimizes disruption to customers by keeping the Elastic IP address consistent. Security groups are properly configured for customer IP addresses.

This option introduces unnecessary complexity by using AWS Fargate and EFS. While it maintains the SFTP functionality, it requires customers to potentially change their connection method due to how Fargate interacts with IP addresses. It also doesn’t mention the Elastic IP or security groups clearly in relation to the customer access.

Although it mentions using an Auto Scaling group and a Network Load Balancer (NLB) to manage SFTP servers, it requires a multi-attach EBS volume which is complex and adds overhead for management. Additionally, the customers may need to change their connection method since it doesn’t mention maintaining the same Elastic IP in a way that’s transparent to users.

2025-10-18

1 Comment

  1. Mason
    Author

    I scheme that the answer is:
    Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.

Leave a Reply

Your email address will not be published. Required fields are marked *

7 + 19 =