Which solution meets these requirements?
Create an Application Load Balancer. Add an HTTP listener for port 80 to redirect traffic to HTTPS on port 443. Add another listener with an AWS Certificate Manager (ACM) certificate for termination and a rule that forwards to the target instance through port 80.
Allocate an Elastic IP address that has SSL termination activated. Associate the Elastic IP address with the instance on port 80.
Create a Gateway Load Balancer. Add an HTTP listener for port 80 to redirect traffic to HTTPS on port 443. Add another listener with an AWS Certificate Manager (ACM) certificate for termination and a rule that forwards to the target instance through port 80.
Implement a Network Load Balancer. Add an HTTP listener for port 80 to redirect traffic to HTTPS on port 443. Add another listener with an AWS Certificate Manager (ACM) certificate for termination and a rule that forwards to the target instance through port 80.
Explanations:
An Application Load Balancer (ALB) is suitable for HTTPS termination as it can handle SSL certificates via AWS Certificate Manager (ACM) and forward traffic to instances over HTTP (port 80). This meets the requirements for terminating HTTPS before reaching the EC2 instance and allows communication on port 80.
Allocating an Elastic IP with SSL termination directly associated with the instance is not a valid solution, as Elastic IPs do not support SSL termination. Additionally, exposing the instance directly would violate the company policy requiring workloads to reside in private subnets.
A Gateway Load Balancer is not designed for SSL termination or handling HTTP to HTTPS redirection. It is primarily used for deploying and managing third-party virtual appliances, making it unsuitable for the requirements of terminating HTTPS traffic before reaching an EC2 instance.
A Network Load Balancer (NLB) operates at Layer 4 and does not support SSL termination; it simply forwards traffic to the targets without decrypting it. Thus, it cannot meet the requirement of terminating HTTPS before forwarding to the EC2 instance on port 80.
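The listener layout described for the Application Load Balancer option, written out as a CloudFormation template. This is an added example, not part of the original question; the parameter names, resource names, internet-facing scheme and TLS security policy are assumptions.

```yaml
# Added example. All parameter and resource names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  AlbSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}     # subnets for the ALB nodes
  AlbSecurityGroup: {Type: "AWS::EC2::SecurityGroup::Id"}
  CertificateArn: {Type: String}                       # ARN of the ACM certificate
  InstanceId: {Type: "AWS::EC2::Instance::Id"}         # target instance in a private subnet
Resources:
  Alb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing                          # assumption: clients arrive from the internet
      Subnets: !Ref AlbSubnets
      SecurityGroups: [!Ref AlbSecurityGroup]
  AppTargets:                                          # ALB-to-instance hop is plain HTTP on port 80
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 80
      TargetType: instance
      Targets:
        - Id: !Ref InstanceId
          Port: 80
  HttpRedirect:                                        # port 80 never forwards, it only redirects
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Protocol: HTTP
      Port: 80
      DefaultActions:
        - Type: redirect
          RedirectConfig: {Protocol: HTTPS, Port: "443", StatusCode: HTTP_301}
  HttpsTermination:                                    # TLS ends here using the ACM certificate
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Protocol: HTTPS
      Port: 443
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06   # assumption: any current ELB policy works
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AppTargets
```

When reviewing a deployed stack, check that the port 80 listener has no forward action and that the instance's security group accepts port 80 only from the load balancer's security group.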