Which system architecture should the solutions architect recommend?
Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages. Configure the EC2 instance to save the results to an Amazon S3 bucket.
Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.
Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.
Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to the VPC so that sensor data can be written directly to an S3 bucket by way of the VPC endpoint.
Explanations:
While an EC2 instance can serve as an HTTPS endpoint, it does not provide the built-in high availability and scalability features that other AWS services offer. Additionally, managing EC2 instances involves more operational overhead than serverless options.
Using Amazon API Gateway to create an HTTPS endpoint allows for a highly available and scalable solution. Invoking an AWS Lambda function to process messages ensures that the processing can scale automatically based on incoming traffic. Saving results to an Amazon DynamoDB table provides a reliable and easily accessible storage option for the security team to analyze the data.
Amazon Route 53 is primarily a DNS service and does not directly handle incoming HTTPS messages. It is not suitable for directing HTTPS messages to AWS Lambda functions for processing, so this option fails to establish a proper endpoint for receiving the messages.
Creating a gateway VPC endpoint for Amazon S3 allows direct access to S3 from the VPC but does not address the need for an HTTPS endpoint to receive the sensor messages. Additionally, a Site-to-Site VPN connection introduces complexity and does not provide the scalability or ease of use that other options like API Gateway and Lambda offer.