What should a solutions architect do to meet these requirements?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A company is running a web-based game in two Availability Zones in the us-west-2 Region.The web servers use an Application Load Balancer (ALB) in public subnets.The ALB has an SSL certificate from AWS Certificate Manager (ACM) with a custom domain name.The game is written in JavaScript and runs entirely in a user’s web browser.The game is increasing in popularity in many countries around the world.The company wants to update the application architecture and optimize costs without compromising performance.

What should a solutions architect do to meet these requirements?

Use Amazon CloudFront and create a global distribution that points to the ALB. Reuse the existing certificate from ACM for the CloudFront distribution. Use Amazon Route 53 to update the application alias to point to the distribution.

Use AWS CloudFormation to deploy the application stack to AWS Regions near countries where the game is popular. Use ACM to create a new certificate for each application instance. Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local application instance.

Use Amazon S3 and create an S3 bucket in AWS Regions near countries where the game is popular. Deploy the HTML and JavaScript files to each S3 bucket Use ACM to create a new certificate for each S3 bucket. Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local S3 bucket.

Use Amazon S3 and create an S3 bucket in us-west-2. Deploy the HTML and JavaScript files to the S3 bucket. Use Amazon CloudFront and create a global distribution with the S3 bucket as the origin. Use ACM to create a new certificate for the distribution. Use Amazon Route 53 to update the application alias to point to the distribution.

Explanations:

Using Amazon CloudFront with a global distribution and reusing the existing ACM certificate for SSL offloading improves performance by reducing latency and optimizing content delivery. CloudFront caches content at edge locations globally, ensuring faster access to the game for users worldwide. Route 53 can direct traffic to CloudFront based on the custom domain, making this solution cost-effective and high-performance.

This approach would require deploying multiple application stacks across various AWS Regions, which increases complexity and costs. Managing certificates for each region separately could also add overhead. Additionally, Route 53 geolocation routing could be used, but this approach is more complicated and not as efficient as CloudFront for global distribution.

Using S3 buckets in different regions to serve the game would require managing separate certificates for each bucket, increasing complexity. S3 is not designed for dynamic content hosting (like running a JavaScript-based game), and this solution would not handle the interactive nature of the game well. CloudFront would be a better choice for globally distributed, dynamic content.

While using Amazon S3 with CloudFront for content delivery is a good choice, creating a new ACM certificate for the CloudFront distribution is unnecessary. The existing ACM certificate from the ALB can be reused, making this solution less optimal than Option A. The solution would still work, but it introduces unnecessary complexity by requiring a new certificate.

2025-10-01

1 Comment

  1. Adam
    Author

    I surmise that the answer is:
    Use Amazon CloudFront and create a global distribution that points to the ALB. Reuse the existing certificate from ACM for the CloudFront distribution. Use Amazon Route 53 to update the application alias to point to the distribution.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + 1 =