You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. Which alternatives should you consider? (Choose two.)
A. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.
B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront distribution.
C. Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name.
D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.
C & E
A. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address. - DOES NOT MAKE SENSE. NAT IS FOR OUTGOING NOT INCOMING.
B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront distribution. ORIGIN CAN NOT BE PRIVATE IP.
C. Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name. POSSIBLE ANSWER
D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover. WHAT? NONSENSE.
E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP. WILL WORK.
C says "Configure a Route53 CNME to point to the ELB DNS name".
How do you configure a Route 53 CNAME record for ELB DNS?? It has to be an ALIAS record.
Assuming that the question and the provided options are correct, the only possible answer is D and E
The correct options are B&C:
D&E are incorrect because:
D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
Why this is incorrect:
- While this approach can work, it is not scalable or cost-effective.
- Managing multiple Elastic IPs (EIPs) and configuring Route53 health checks for each server is complex.
- DNS failover is slower than ELB or CloudFront for traffic routing and failover.
E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.
Why this is incorrect:
- ELB does not support Elastic IPs (EIPs). ELB uses its own DNS name, which dynamically resolves to the IP addresses of the load balancer nodes.
- You should use a Route53 CNAME or alias record to point to the ELB DNS name, not an A record with an EIP.
BnC is my answer.
A is obviously wrong because NAT is for outbound.
D requires managing individual EIPs, which can be complex and costly. It does not scale well and lacks the load balancing features provided by ELB.
And it is very clear that ELB itself does not use EIPs. ELBs are accessed through their DNS names, and associating an EIP with an ELB is not standard practice or necessary.
C. Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name.
E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.
C is not applicable as CNAMIE records are a specialized type of record used in Route 53 specifically for routing traffic to multiple Elastic IPs (Elastic Network Interfaces) in a round-robin fashion.
D. is never recommended, to give EIPs to each server. You need a LB
Why has nobody said that there is no CNMIE type of record at all? I hardly believe that somebody could make 2 mistakes in one word. It makes C the wrong answer. I think that D and E will work, but I agree that D is not the best architecture.
The correct alternatives are C and D.
Option C involves placing all your web servers behind an Elastic Load Balancer (ELB). This is a good choice for achieving high availability because the ELB will automatically distribute incoming traffic across multiple web servers, ensuring that the application remains available even if one or more of the web servers fail. You can then configure a Route 53 CNAME record to point to the ELB DNS name.
Option D involves assigning Elastic IP addresses (EIPs) to all your web servers. This allows you to configure a Route 53 record set with all the EIPs and set up health checks and DNS failover. This ensures that the application remains available even if one or more of the web servers fail, as traffic will be automatically routed to the remaining healthy web servers.
Option A involves configuring a NAT instance in your VPC and creating a default route via the NAT instance. While this can be used to allow Internet connectivity for resources in your VPC, it is not a good choice for achieving high availability because it relies on a single NAT instance, which could become a single point of failure.
Option B involves configuring a CloudFront distribution and configuring the origin to point to the private IP addresses of your web servers. While CloudFront can be used to deliver content from your web servers, it is not a good choice for achieving high availability because it relies on the origin servers being available, and it does not provide any failover mechanism.
Option E involves configuring ELB with an EIP and placing all your web servers behind ELB. This is not a good choice because an EIP is a static IP address that is assigned to a specific resource, such as an instance or a load balancer. An EIP cannot be used to route traffic to multiple resources, so this option would not provide any failover mechanism.
A not HA.
B is wrong as CloudFront origin should be accessible through the public internet.
C is a normal setup
D may satisfy the request, but how fast can it fail over? Possibly multi-value would be better, and it is against security practice.
E. Similar to C but NLB, but "an" EIP sounds weird. It requires at least two IPs. But providing one EIP is not wrong (just tried creating one with one EIP, and another one was assigned by AWS :-) )
So my answer is C and E
D is similar to C
Key is we need to reach the service from INTERNET. That requires a Public IP.
A. Nat does not allow ingress. It maps multiple egress origins to one IP not the other way. >>>>NOT POSSIBLE
B. We need a public IP. Private IP will not be accessible. >>>>NOT POSSIBLE
C. ELB has a private IP only so it is not accessible. >>>>NOT Possible.
D. Public IP is available. DNS can distribute traffic. >>>> POSSIBLE
E. EIP provides a public IP. ELB is scaling. A record can point to EIP. >>>> POSSIBLE
One may argue against D. I see that. It does work. Health check ensures availability and load is distributed by DNS resolution(round robin default).
Valid solution: ED
Yes, an AWS Elastic Load Balancer (ELB) can have a public IP address by default if it is configured to be an internet-facing load balancer. As per the AWS documentation, when you create a Network Load Balancer to be internet-facing, it will have a public IP address by default and each node of the load balancer in the Availability Zone will use a network interface to get an IPv4 address [1][3]. However, it is important to note that the nodes of an internal load balancer have only private IP addresses [2].
Therefore, if you want to have a public IP address for your ELB, you should configure it to be an internet-facing load balancer. On the other hand, if you want to have an internal load balancer, it will have only private IP addresses, and you will need to configure it accordingly [2].
C. Place all your web servers behind ELB. Configure a Route53 CNMIE to point to the ELB DNS name.
D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
A. makes no sense.
B. as mentioned you cannot have a private IP as origin, so definitely wrong
C. Right, no discussion here
D. Works but is not a good solution, but is highly available
E. Considering NLB this works and could be an elegant solution BUT it says assign ONE IP, so it is NOT HA.
I keep going with C,D due to HA
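A record-set check for the designs argued over in this thread, as an added example that is not part of the original posts: it flags a CNAME at the zone apex, A records that point at RFC 1918 addresses, and an A record with a single static address. The record schema, zone name, ELB name and addresses are constructed for illustration.

```python
import ipaddress

ELB_SUFFIX = ".elb.amazonaws.com"  # suffix of ELB-assigned DNS names
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ELB_NAME = "my-elb-1234.us-east-1.elb.amazonaws.com"  # constructed ELB DNS name

def lint_record(zone, rec):
    """Return findings for one proposed public-zone record (hypothetical schema)."""
    findings = []
    name = rec["name"].rstrip(".")
    if rec.get("alias"):
        # Alias A record: Route 53 answers with the ELB's current addresses,
        # and unlike a CNAME it is allowed at the zone apex.
        if not rec["alias"].rstrip(".").endswith(ELB_SUFFIX):
            findings.append("alias target is not an ELB DNS name")
    elif rec["type"] == "CNAME":
        # A CNAME cannot coexist with the SOA/NS records at the apex.
        if name == zone.rstrip("."):
            findings.append("CNAME not allowed at zone apex; use an alias record")
    elif rec["type"] == "A":
        for value in rec["values"]:
            ip = ipaddress.ip_address(value)
            if any(ip in net for net in RFC1918):
                findings.append(f"{value} is a private address, unreachable from the Internet")
        if len(rec["values"]) == 1:
            findings.append("single static address: DNS has nothing to fail over to")
    return findings

def lint_zone(zone, records):
    """Lint every record; the result list is index-aligned with the input."""
    return [lint_record(zone, r) for r in records]

# Constructed sample records, loosely mirroring the designs in the thread.
SAMPLE = [
    {"name": "www.example.com", "type": "CNAME", "values": [ELB_NAME]},  # CNAME to ELB name
    {"name": "example.com", "type": "CNAME", "values": [ELB_NAME]},      # CNAME at the apex
    {"name": "example.com", "type": "A", "alias": ELB_NAME},             # alias to ELB name
    {"name": "www.example.com", "type": "A",
     "values": ["203.0.113.10", "203.0.113.11"]},                        # one EIP per server
    {"name": "www.example.com", "type": "A", "values": ["203.0.113.20"]},  # one EIP only
    {"name": "origin.example.com", "type": "A", "values": ["10.0.1.15"]},  # private address
]

if __name__ == "__main__":
    for rec, found in zip(SAMPLE, lint_zone("example.com", SAMPLE)):
        print(rec["name"], rec["type"], found or "ok")
```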