What should a solutions architect do to ensure these requirements are met?
Configure the Network Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
Configure the Network Load Balancer in the public subnets. Configure the Auto Scaling group in the public subnets and associate it with the Application Load Balancer.
Configure the Application Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
Configure the Application Load Balancer in the private subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
Explanations:
A Network Load Balancer (NLB) is not suitable for SSL termination. The Auto Scaling group should be in private subnets to protect the EC2 instances, but associating it with an NLB does not meet the requirement for offloading SSL.
While the Network Load Balancer (NLB) can be placed in public subnets, placing the Auto Scaling group in public subnets exposes the EC2 instances directly to the internet, which contradicts the requirement to ensure only the web portion is publicly accessible.
Configuring the Application Load Balancer (ALB) in public subnets allows it to handle SSL termination while ensuring the Auto Scaling group operates in private subnets, thus protecting the EC2 instances and meeting all specified requirements.
An Application Load Balancer (ALB) configured in private subnets cannot be directly accessed from the internet, which makes it unsuitable for handling external web traffic. This option does not meet the requirement for public accessibility of the web portal.