Which solution meets these requirements and is MOST secure?
Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.
Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.
Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
Explanations:
Although this option uses a public ALB and CloudFront for content delivery, placing the EC2 instances in public subnets exposes them directly to the internet, increasing security risks. Additionally, CloudFront should ideally use a private ALB as the origin to enhance security by not exposing the backend directly to the public.
This configuration suggests using a public ALB with EC2 instances in private subnets and CloudFront as the content delivery network (CDN). However, without a public-facing ALB, CloudFront cannot access the EC2 instances, making this option impractical for serving content.
This option offers a secure design with a public ALB directing traffic to multiple redundant EC2 instances in private subnets. CloudFront, serving HTTPS content, acts as a secure front that reduces latency by caching content at the edge, while keeping the application tier secure from direct internet exposure.
This configuration uses a public ALB and places EC2 instances in public subnets, which exposes the backend directly to the internet. While CloudFront can deliver content, this approach lacks the necessary security, as it does not utilize private subnets for the application tier.