
A company operates multiple production applications across various AWS accounts, all within the us-east-1 Region. These applications are accessible only to specific partner companies and are hosted on Amazon EC2 instances within an Auto Scaling group behind an Application Load Balancer (ALB). The EC2 instances reside in private subnets and are configured to accept traffic solely from the ALB. The ALB, located in a public subnet, permits inbound traffic exclusively from partner network IP address ranges over port 80.
Currently, when a new partner is added, the company must update the security group associated with the ALB in each account to include the partner's IP address range. A network engineer needs to implement a solution to centrally manage these partner network IP address ranges.
What is the MOST operationally efficient solution to meet these requirements?
A
Create an Amazon DynamoDB table to maintain all IP address ranges and security groups that need to be updated. Update the DynamoDB table with the new IP address range when the company adds a new partner. Invoke an AWS Lambda function to read new IP address ranges and security groups from the DynamoDB table to update the security groups. Deploy this solution in all accounts.
B
Create a new prefix list. Add all allowed IP address ranges to the prefix list. Use Amazon EventBridge (Amazon CloudWatch Events) rules to invoke an AWS Lambda function to update security groups whenever a new IP address range is added to the prefix list. Deploy this solution in all accounts.
C
Create a new prefix list. Add all allowed IP address ranges to the prefix list. Share the prefix list across different accounts by using AWS Resource Access Manager (AWS RAM). Update security groups to use the prefix list instead of the partner IP address range. Update the prefix list with the new IP address range when the company adds a new partner.
D
Create an Amazon S3 bucket to maintain all IP address ranges and security groups that need to be updated. Update the S3 bucket with the new IP address range when the company adds a new partner. Invoke an AWS Lambda function to read new IP address ranges and security groups from the S3 bucket to update the security groups. Deploy this solution in all accounts.
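What a centrally managed partner allow-list looks like in practice, as an added Terraform illustration that is not part of the original question: one customer-managed prefix list holding the partner ranges, shared through AWS RAM, and referenced by the ALB security group rule instead of individual CIDRs. The account ID and VPC ID are placeholders and the partner CIDRs are constructed sample ranges from the documentation test networks.

```hcl
# Owner (network) account: one managed prefix list holds every partner range.
resource "aws_ec2_managed_prefix_list" "partners" {
  name           = "partner-ip-ranges"
  address_family = "IPv4"
  max_entries    = 50            # headroom for future partners

  entry {
    cidr        = "203.0.113.0/24"   # constructed sample range (TEST-NET-3)
    description = "partner-a"
  }
  entry {
    cidr        = "198.51.100.0/24"  # constructed sample range (TEST-NET-2)
    description = "partner-b"
  }
}

# Share the list with the application accounts through AWS RAM.
resource "aws_ram_resource_share" "partners" {
  name                      = "partner-prefix-list"
  allow_external_principals = false   # only principals inside the organization
}

resource "aws_ram_resource_association" "partners" {
  resource_arn       = aws_ec2_managed_prefix_list.partners.arn
  resource_share_arn = aws_ram_resource_share.partners.arn
}

resource "aws_ram_principal_association" "app_account" {
  principal          = "111111111111"  # placeholder application account ID
  resource_share_arn = aws_ram_resource_share.partners.arn
}

# Application account: the ALB security group admits port 80 only from the
# shared list (the pl- ID is the same in every account it is shared with),
# so onboarding a partner changes the list, never this rule.
resource "aws_security_group" "alb" {
  name   = "alb-partner-ingress"
  vpc_id = "vpc-0123456789abcdef0"     # placeholder VPC ID
}

resource "aws_security_group_rule" "alb_http_from_partners" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  prefix_list_ids   = [aws_ec2_managed_prefix_list.partners.id]
  security_group_id = aws_security_group.alb.id
}
```

A security group rule that references a prefix list counts one rule per entry toward the group's rule quota, so `max_entries` should be sized with that limit in mind.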