AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination. There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit. What should a solutions architect do to increase the application's performance?
Other
Community
UAnonymous
A
Create a new SSL certificate using AWS Certificate Manager (ACM). Install the ACM certificate on each instance.
B
Create an Amazon S3 bucket. Migrate the SSL certificate to the S3 bucket. Configure the EC2 instances to reference the bucket for SSL termination.
C
Create another EC2 instance as a proxy server. Migrate the SSL certificate to the new instance and configure it to direct connections to the existing EC2 instances.
D
Import the SSL certificate into AWS Certificate Manager (ACM). Create an Application Load Balancer with an HTTPS listener that uses the SSL certificate from ACM.
Explanation:
Explanation
Correct Answer: D
Why Option D is correct:
- Offload SSL/TLS termination: By using an Application Load Balancer (ALB) with SSL termination, you move the SSL encryption/decryption workload from the EC2 instances to the ALB. This significantly reduces the CPU load on the web servers.
- AWS Certificate Manager (ACM) integration: Importing the existing SSL certificate into ACM allows you to use it with the ALB without needing to manage certificate files on individual instances.
- Scalability: The ALB automatically scales to handle increased traffic and SSL processing, providing better performance and availability.
- Simplified certificate management: ACM provides free SSL/TLS certificates and handles certificate renewals automatically.
Why other options are incorrect:
Option A: Installing ACM certificates on each instance doesn't solve the performance problem - the SSL termination still happens on the EC2 instances, consuming their CPU resources.
Option B: Storing certificates in S3 doesn't offload SSL processing. The EC2 instances would still need to retrieve certificates from S3 and perform SSL termination locally, which doesn't reduce CPU usage.
Option C: Adding another EC2 instance as a proxy server creates additional management overhead and doesn't provide the automatic scaling benefits of a managed load balancer. It also introduces a single point of failure.
Key Benefits of Option D:
- Performance improvement: ALB handles SSL termination, freeing up EC2 instance CPU for application processing
- High availability: ALB automatically distributes traffic across healthy instances
- Cost optimization: ACM provides free SSL certificates and automatic renewals
- Simplified operations: Centralized SSL management and automatic scaling
- Security: ALB provides additional security features like Web Application Firewall (WAF) integration
This solution aligns with AWS best practices for offloading SSL/TLS termination to managed services to improve application performance and scalability.
Comments
Loading comments...