
A company is moving an application to the AWS Cloud and has established connectivity between AWS Direct Connect and its on-premises data center. The application operates on Amazon EC2 instances distributed across multiple Availability Zones within an Auto Scaling group. The application communicates via HTTPS with a third-party vendor’s data service hosted at the company’s data center, which uses a static ACL with explicit IP allow listing.
What network solution should a network engineer implement to ensure the migrated application can access the vendor’s data service as it scales, while minimizing ongoing changes to the vendor’s allow list?
A
Configure a private NAT gateway in the subnets for each Availability Zone that the application runs in. Configure the application to target the NAT gateways instead of the data service directly. Update the data service's allow list to include the IP addresses of the NAT gateways.
B
Configure an elastic network interface in the subnets for each Availability Zone that the application runs in. Associate the elastic network interfaces with the Auto Scaling group for the application. Update the data service's allow list to include the IP addresses of the elastic network interfaces.
C
Configure an elastic network interface in the subnets for each Availability Zone that the application runs in. Launch an EC2 instance into each subnet. Attach the respective elastic network interfaces to the new EC2 instances. In the application subnet route tables, configure the new EC2 instances as the next destination for the data service. Update the data service’s allow list to include the IP addresses of the elastic network interfaces.
D
Configure an Application Load Balancer (ALB) in the subnets for each Availability Zone that the application runs in. Configure an ALB-associated target group that contains a target that uses the IP address for the data service. Configure the application to target the ALB instead of the data service directly. Update the data service's allow list to include the IP addresses of the ALBs.