Which system architecture should the solutions architect recommend?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A company’s facility has badge readers at every entrance throughout the building.When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.A solutions architect must design a system to process these messages from the sensors.The solution must be highly available, and the results must be made available for the company’s security team to analyze.

Which system architecture should the solutions architect recommend?

Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages. Configure the EC2 instance to save the results to an Amazon S3 bucket.

Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.

Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.

Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to the VPC so that sensor data can be written directly to an S3 bucket by way of the VPC endpoint.

Explanations:

While using an EC2 instance to serve as an HTTPS endpoint could work, it does not provide high availability out of the box. An EC2 instance can fail, requiring manual intervention for recovery. Additionally, the solution lacks scalability, and managing EC2 instances requires more operational overhead compared to serverless solutions.

This option uses Amazon API Gateway to create a highly available HTTPS endpoint. It integrates seamlessly with AWS Lambda, which can process incoming messages without the need for managing servers. The results can be stored in Amazon DynamoDB, which offers high availability and low-latency access, making it suitable for the security team’s analysis. This architecture scales automatically to handle variable loads and is designed for high availability.

Using Amazon Route 53 to direct incoming messages is unnecessary, as Route 53 is primarily for DNS routing, not for processing HTTPS requests. This option does not specify how messages will be received; thus, it does not present a clear mechanism for processing the sensor data in a highly available manner. Lambda functions can be invoked directly from API Gateway instead of using Route 53, making this approach less efficient.

This option describes a method to connect a facility network to an S3 bucket using a VPC endpoint. However, it does not define a proper HTTPS endpoint to process messages from badge readers. Additionally, writing directly to S3 bypasses processing the messages, which is essential for analysis. This approach lacks the necessary components for high availability and data processing required by the security team.

2025-10-11

1 Comment

  1. Jordan
    Author

    My best guess is:
    Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.

Leave a Reply

Your email address will not be published. Required fields are marked *

eleven − ten =