Ultimate access to all questions.
A company has an AWS-hosted application in the us-east-1 Region, deployed within a VPC, that monitors vending machine inventory levels and triggers automatic restocking. The application uses an Amazon ECS cluster behind an Application Load Balancer (ALB) and communicates with vending machines globally over HTTPS. The company intends to use AWS Global Accelerator with static IP addresses configured in the vending machines for accessing the application endpoint. The application must only be accessible through the accelerator and not directly via the ALB endpoint over the internet.
What solution fulfills these requirements?
A
Configure the ALB in a private subnet of the VPC. Attach an internet gateway without adding routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB’s security group to only allow inbound traffic from the internet on the ALB listener port.
B
Configure the ALB in a private subnet of the VPC. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the internet on the ALB listener port.
C
Configure the ALB in a public subnet of the VPAttach an internet gateway. Add routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the accelerator's IP addresses on the ALB listener port.
D
Configure the ALB in a private subnet of the VPC. Attach an internet gateway. Add routes in the subnet route tables to point to the internet gateway. Configure the accelerator with endpoint groups that include the ALB endpoint. Configure the ALB's security group to only allow inbound traffic from the accelerator's IP addresses on the ALB listener port.