
A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets.
A solutions architect needs to integrate the web application with the appliance to inspect all traffic to the application before the traffic reaches the web server.
Which solution will meet these requirements with the LEAST operational overhead?
A
Create a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.
B
Create an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.
C
Deploy a transit gateway in the inspection VPC. Configure route tables to route the incoming packets through the transit gateway.
D
Deploy a Gateway Load Balancer in the inspection VPC. Create a Gateway Load Balancer endpoint to receive the incoming packets and forward the packets to the appliance.
Explanation:
Correct Answer: D
Why Option D is correct:
Gateway Load Balancer (GWLB) is built for this use case - GWLB is the load balancer type AWS designed for deploying, scaling, and managing inline virtual appliances such as firewalls, IDS/IPS, and deep packet inspection systems. It encapsulates each packet in GENEVE (UDP port 6081) and hands it to the appliance unmodified, so the appliance inspects the original source and destination addresses and returns the packet to the same flow. This is exactly what the question's appliance "IP interface that can accept IP packets" is for.
GWLB Endpoint provides the integration point - A Gateway Load Balancer endpoint (GWLBe) is an AWS PrivateLink endpoint placed in the application VPC. Traffic is steered to it with route table entries only: an ingress route table associated with the internet gateway sends packets destined for the web subnet to the GWLBe, and the web subnet's default route sends return traffic back through it. The web servers, application servers, and database servers are not changed.
Least operational overhead - GWLB performs health checks, keeps both directions of a connection on the same appliance (flow stickiness), and distributes load across the appliance fleet, so the team maintains a handful of routes instead of a hand-built forwarding layer.
Works with third-party appliances - AWS Marketplace firewall appliances that support GWLB register as targets in a GENEVE target group, which is the scenario described.
Why other options are incorrect:
Option A (Network Load Balancer): an NLB is a Layer 4 load balancer that terminates and rebalances TCP/UDP flows to its targets. It does not transparently hand the original packets to an inline appliance and return them to the web tier; the appliance would become the destination and would have to forward or NAT traffic to the web servers itself. That needs far more configuration than a GWLB endpoint.
Option B (Application Load Balancer): an ALB operates at Layer 7 and terminates HTTP/HTTPS connections. It cannot carry all traffic types to the appliance for packet inspection, and it would put the appliance behind an HTTP proxy rather than in the packet path, so it does not meet the requirement.
Option C (Transit Gateway): a transit gateway routes traffic between VPCs and on-premises networks; by itself it does not deliver packets to an appliance fleet or manage appliance health and scaling. A transit gateway based inspection design still needs a GWLB (or manually routed appliances with appliance mode) plus attachment and route table configuration in every VPC, so it is not the lowest-overhead way to inspect traffic entering a single VPC.
Key AWS Services Involved:
Gateway Load Balancer (GWLB) in the inspection VPC, with the firewall appliance registered in a GENEVE target group.
VPC endpoint service (AWS PrivateLink) that exposes the GWLB to other VPCs.
Gateway Load Balancer endpoint (GWLBe) in the application VPC.
VPC ingress routing: a route table associated with the internet gateway that steers inbound traffic to the GWLBe.
Architecture Flow:
Internet -> internet gateway -> ingress route table -> GWLB endpoint in the application VPC -> GWLB in the inspection VPC -> firewall appliance -> GWLB -> GWLB endpoint -> web server in the public subnet. Return traffic follows the reverse path because the web subnet's default route points at the GWLB endpoint.
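The routing and load balancer configuration behind option D, as an added Terraform example; it is not from the original page or from any AWS or vendor sample. The VPCs, subnets, internet gateway, and firewall instance (aws_vpc.app, aws_vpc.inspection, aws_subnet.web_public, aws_subnet.gwlbe, aws_subnet.appliance, aws_internet_gateway.app, aws_instance.firewall) are assumed to be defined elsewhere, and the health check port is an assumption that depends on the appliance vendor:

```hcl
# ---- Inspection VPC: GWLB fronting the Marketplace firewall appliance ----

resource "aws_lb" "gwlb" {
  name               = "inspection-gwlb"
  load_balancer_type = "gateway"
  subnets            = [aws_subnet.appliance.id] # assumed subnet in the inspection VPC
}

# GWLB target groups always use GENEVE on UDP 6081; the appliance decapsulates
# and sees the original IP packet. Health checks run on a separate port.
resource "aws_lb_target_group" "appliance" {
  name        = "firewall-appliances"
  port        = 6081
  protocol    = "GENEVE"
  target_type = "instance"
  vpc_id      = aws_vpc.inspection.id

  health_check {
    protocol = "TCP"
    port     = "80" # assumed appliance health port; use the vendor's documented port
  }
}

resource "aws_lb_listener" "gwlb" {
  load_balancer_arn = aws_lb.gwlb.arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.appliance.arn
  }
}

resource "aws_lb_target_group_attachment" "firewall" {
  target_group_arn = aws_lb_target_group.appliance.arn
  target_id        = aws_instance.firewall.id # assumed Marketplace appliance instance
}

# Expose the GWLB through PrivateLink so endpoints in other VPCs can reach it.
resource "aws_vpc_endpoint_service" "gwlb" {
  acceptance_required        = false
  gateway_load_balancer_arns = [aws_lb.gwlb.arn]
}

# ---- Application VPC: GWLB endpoint plus ingress routing ----

resource "aws_vpc_endpoint" "gwlbe" {
  vpc_id            = aws_vpc.app.id
  service_name      = aws_vpc_endpoint_service.gwlb.service_name
  vpc_endpoint_type = "GatewayLoadBalancer"
  subnet_ids        = [aws_subnet.gwlbe.id] # assumed dedicated subnet, not the web subnet
}

# Ingress route table on the internet gateway: anything bound for the web
# subnet is sent to the GWLB endpoint before it can reach a web server.
resource "aws_route_table" "igw_ingress" {
  vpc_id = aws_vpc.app.id
  route {
    cidr_block      = aws_subnet.web_public.cidr_block
    vpc_endpoint_id = aws_vpc_endpoint.gwlbe.id
  }
}

resource "aws_route_table_association" "igw_ingress" {
  gateway_id     = aws_internet_gateway.app.id
  route_table_id = aws_route_table.igw_ingress.id
}

# Web subnet: return traffic goes back through the endpoint so the appliance
# sees both directions of every connection.
resource "aws_route_table" "web_public" {
  vpc_id = aws_vpc.app.id
  route {
    cidr_block      = "0.0.0.0/0"
    vpc_endpoint_id = aws_vpc_endpoint.gwlbe.id
  }
}

resource "aws_route_table_association" "web_public" {
  subnet_id      = aws_subnet.web_public.id
  route_table_id = aws_route_table.web_public.id
}

# Endpoint subnet: after inspection, traffic leaves via the internet gateway.
resource "aws_route_table" "gwlbe" {
  vpc_id = aws_vpc.app.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.app.id
  }
}

resource "aws_route_table_association" "gwlbe" {
  subnet_id      = aws_subnet.gwlbe.id
  route_table_id = aws_route_table.gwlbe.id
}
```

Two points are easy to get wrong. The GWLB endpoint must sit in its own subnet: the web subnet's default route points at the endpoint while the endpoint subnet's default route points at the internet gateway, and putting both in one subnet would create a routing loop. And if the inspection VPC lives in a different account, add the application account's ARN to allowed_principals on the endpoint service (or set acceptance_required = true and accept the connection), otherwise the endpoint creation is rejected.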