AWS Certified Advanced Networking - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company has created a web service for language translation, hosted on a fleet of Amazon EC2 instances within an Auto Scaling group. These instances are deployed in a private subnet and are fronted by an Application Load Balancer (ALB). The web service handles requests with data sizes in the hundreds of megabytes.
The company must enable specific customers, each with their own AWS account, to access the web service. Access should be restricted to approved customers only, without exposing the service to all customers.
Which two-step combination will fulfill these requirements with the MINIMUM operational overhead? (Choose two.)
Explanation:
To meet the company's requirements with the least operational overhead, the best approach is to use AWS PrivateLink. AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network. It allows the company to expose their web service to approved customers without making it accessible to all customers. Option B suggests creating an AWS PrivateLink endpoint service and configuring it to require acceptance, which will be granted to approved customers only. This approach ensures that only approved customers can access the web service, meeting the company's security requirements. Option E suggests associating the ALB with the endpoint service. This is necessary because the ALB is the front-end for the web service, and associating it with the endpoint service ensures that traffic from approved customers is routed through the PrivateLink connection, maintaining the security and privacy of the web service. Therefore, the combination of steps B and E will meet the company's requirements with the least operational overhead.