
A company has migrated a legacy application to the AWS Cloud, deploying three Amazon EC2 instances across three Availability Zones, with one instance in each zone. These instances operate within three private subnets of a VPC and are configured as targets for an Application Load Balancer (ALB) associated with three public subnets. The application requires secure communication with on-premises systems, allowing only traffic from the company's specified IP address range. The security team has designated a single internal IP address for cloud use, which has been whitelisted in the company's firewall and assigned an Elastic IP address. The solutions architect must devise a strategy that enables the application to communicate with on-premises systems while ensuring automatic failure mitigation. Which solution meets these criteria?
A
Deploy three NAT gateways, each in a different public subnet, and assign the Elastic IP address to these gateways. Enable health checks for the NAT gateways; if a gateway fails a health check, recreate it and reassign the Elastic IP address to the new gateway.
B
Replace the ALB with a Network Load Balancer (NLB), assign the Elastic IP address to the NLB, and enable health checks. If the NLB fails a health check, redeploy it in different subnets.
C
Deploy a single NAT gateway in one of the public subnets, assign the Elastic IP address to it, and use Amazon CloudWatch with a custom metric to monitor its health. If the NAT gateway becomes unhealthy, invoke an AWS Lambda function to create a new NAT gateway in a different subnet and reassign the Elastic IP address to it.
D
Assign the Elastic IP address to the ALB, create an Amazon Route 53 simple record with the Elastic IP address as the value, and set up a Route 53 health check. If the health check fails, recreate the ALB in different subnets.