Which solution will meet these requirements?
Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers.
Deploy a VPC endpoint in front of the application servers. Configure the security group to allow only the web servers to access the application servers.
Deploy a Network Load Balancer with a target group that contains the application servers’ Auto Scaling group. Configure the network ACL to allow only the web servers to access the application servers.
Deploy an Application Load Balancer with a target group that contains the application servers’ Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.
Explanations:
AWS PrivateLink is typically used for private connectivity between VPCs or to AWS services. It is not used to control access between EC2 instances within the same VPC. Network ACLs are also less suited to granular access control than security groups.
A VPC endpoint is used to enable private connectivity between a VPC and AWS services, but it is not applicable to controlling traffic between EC2 instances. Security groups, which operate at the instance level, should be used for this purpose.
A Network Load Balancer (NLB) is typically used for TCP/UDP traffic and can distribute traffic to multiple targets. However, using network ACLs to control access between EC2 instances is not best practice. Security groups should be used instead for instance-level access control.
An Application Load Balancer (ALB) with a target group is suitable for routing HTTP/HTTPS traffic to application servers. The security group on the application servers can be configured to allow only the web servers to access them, ensuring proper isolation.