A company has launched a new web application hosted on Amazon EC2 instances behind an Application Load Balancer (ALB), with the instances managed by an Amazon EC2 Auto Scaling group. The application will be accessed globally by enterprise customers, whose employees will connect via HTTPS from their office locations. The company needs to configure firewalls to restrict outbound traffic to only approved IP addresses while ensuring minimal latency for employee access.
What infrastructure modification should a network engineer implement to fulfill these requirements?
Explanation:
The requirements are to restrict outbound traffic to approved IP addresses only and to give employees of enterprise customers the lowest possible latency. The best solution is AWS Global Accelerator, which improves the availability and performance of applications with local or global users. It provides static IP addresses that act as a fixed entry point to your application endpoints in one or more AWS Regions, so firewalls can be configured to allow outbound traffic to those static IP addresses. Global Accelerator also uses the AWS global network to route traffic to the optimal endpoint based on health, geographic location, and routing policies, which reduces latency for end users. The correct change to the infrastructure is therefore to create a new accelerator in AWS Global Accelerator and add the ALB as an accelerator endpoint.