Which solution is the MOST scalable with minimal configuration changes?
Write an AWS Lambda script to get the IP addresses of the ALBs in different Regions. Update the on-premises firewall’s rule to allow the IP addresses of the ALBs.
Migrate all ALBs in different Regions to Network Load Balancers (NLBs). Update the on-premises firewall’s rule to allow the Elastic IP addresses of all the NLBs.
Launch AWS Global Accelerator. Register the ALBs in different Regions to the accelerator. Update the on-premises firewall’s rule to allow static IP addresses associated with the accelerator.
Launch a Network Load Balancer (NLB) in one Region. Register the private IP addresses of the ALBs in different Regions with the NLB. Update the on-premises firewall’s rule to allow the Elastic IP address attached to the NLB.
Explanations:
While using a Lambda script to dynamically retrieve the IP addresses of ALBs could work, it requires ongoing maintenance and manual updates to the firewall rules whenever the IP addresses change. This approach is not scalable or efficient due to the dynamic nature of ALB IP addresses.
Migrating all ALBs to NLBs would require significant architectural changes and operational overhead. Furthermore, NLBs can have Elastic IP addresses, but the management and update of firewall rules would still be necessary if the NLBs’ IPs change, making this option less scalable.
Using AWS Global Accelerator provides static IP addresses that can be used to route traffic to ALBs in multiple regions. This allows the on-premises firewall rules to be simplified and made more stable, as only the static IPs of the Global Accelerator need to be allowed, thus offering a scalable solution with minimal configuration changes.
Launching an NLB in one region and registering the private IPs of ALBs in different regions complicates the architecture without providing a scalable solution. The firewall would still require updates based on the Elastic IP of the NLB, and the configuration would involve additional complexity in routing and management.