AWS Certified Advanced Networking - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company's application is hosted on Amazon EC2 instances within a single VPC across two Availability Zones in an AWS Region. To inspect traffic between the VPC and the internet, the company uses a fleet of traffic inspection instances from AWS Marketplace, deployed in a shared inspection VPC behind a Gateway Load Balancer (GWLB). To reduce costs, only one inspection instance is deployed per Availability Zone used by the application.
During testing, a network engineer observes that traffic inspection functions correctly under stable network conditions. However, during maintenance of the inspection instances, some application instances experience internet session timeouts and are unable to establish new connections.
Which two actions should be taken to resolve these issues?
Explanation:
The issue arises because during maintenance of the inspection instances, there's a lack of redundancy, leading to internet sessions timing out for some application instances. To ensure high availability and minimize downtime, the solution should include deploying additional inspection instances and ensuring that the Gateway Load Balancer (GWLB) is properly configured to distribute traffic across all available instances. Deploying one additional inspection instance in each Availability Zone where the inspection instances are deployed (Option B) ensures that there's always a backup instance available if one goes down for maintenance. Enabling the cross-zone load balancing attribute for the GWLB (Option C) ensures that traffic is evenly distributed across all inspection instances in all Availability Zones, not just the ones in the same zone as the source of the traffic. This combination provides both redundancy and efficient traffic distribution, addressing the issue of sessions timing out during maintenance.