Topic 1 Question 246
A company runs a web application on Amazon EC2 instances in multiple Availability Zones. The EC2 instances are in private subnets. A solutions architect implements an internet-facing Application Load Balancer (ALB) and specifies the EC2 instances as the target group. However, the internet traffic is not reaching the EC2 instances.
How should the solutions architect reconfigure the architecture to resolve this issue?
A. Replace the ALB with a Network Load Balancer. Configure a NAT gateway in a public subnet to allow internet traffic.
B. Move the EC2 instances to public subnets. Add a rule to the EC2 instances’ security groups to allow outbound traffic to 0.0.0.0/0.
C. Update the route tables for the EC2 instances’ subnets to send 0.0.0.0/0 traffic through the internet gateway route. Add a rule to the EC2 instances’ security groups to allow outbound traffic to 0.0.0.0/0.
D. Create public subnets in each Availability Zone. Associate the public subnets with the ALB. Update the route tables for the public subnets with a route to the private subnets.
Comments (17)
- Selected answer: D
I change my answer to 'D' because of the following link: https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
👍 8 bdp123 2023/02/22
I think either the question or the answers are not formulated correctly because of this document: https://docs.aws.amazon.com/prescriptive-guidance/latest/load-balancer-stickiness/subnets-routing.html
A - Might be possible but it's quite impractical
B - Not needed as the setup described should work as is, provided the SGs of the EC2 instances accept traffic from the ALB
C - Update the route tables for the EC2 instances’ subnets to send 0.0.0.0/0 traffic through the internet gateway route - not needed as the EC2 instances would receive the traffic from the ALB ENIs. Add a rule to the EC2 instances’ security groups to allow outbound traffic to 0.0.0.0/0 - the default behaviour of the SG is to allow outbound traffic only.
D - Create public subnets in each Availability Zone. Associate the public subnets with the ALB - if it's an internet-facing ALB these should already be in place. Update the route tables for the public subnets with a route to the private subnets - no need as the local prefix entry in the route tables would take care of this point
I'm 110% sure the question or answers or both are wrong. Prove me wrong! :)
👍 6 ktulu2602 2023/03/05
- Selected answer: D
D. Create public subnets in each Availability Zone. Associate the public subnets with the ALB. Update the route tables for the public subnets with a route to the private subnets.
This solution will resolve the issue by allowing the internet traffic to reach the EC2 instances. By creating public subnets in each availability zone and associating them with the ALB, the internet traffic will be directed to the ALB. Updating the route tables for the public subnets with a route to the private subnets will allow the traffic to be routed to the private subnets where the EC2 instances reside. This ensures that the traffic reaches the correct target group, and the security group of the instances allows inbound traffic from the internet.
👍 4 mhmt4438 2023/01/15
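A check for the conditions this thread discusses, as an added example that is not part of the original question or comments: the ALB's subnets need a default route to an internet gateway, every Availability Zone holding a target must be enabled on the ALB, and the instances' security group must admit the ALB's security group. All IDs, the port and the simplified data shapes are constructed assumptions; the main-route-table fallback is not modelled.

```python
# Constructed sample data shaped like EC2 Describe* output; every ID is made up.
SUBNETS = {"subnet-pub-a": "us-east-1a", "subnet-pub-b": "us-east-1b",
           "subnet-priv-a": "us-east-1a", "subnet-priv-b": "us-east-1b"}
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
TARGETS = {"i-0aaa": "subnet-priv-a", "i-0bbb": "subnet-priv-b"}  # instance -> subnet
INSTANCE_SG_INGRESS = [
    {"FromPort": 80, "ToPort": 80, "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]

def is_public(subnet_id, route_tables=ROUTE_TABLES):
    """Public = the associated route table sends 0.0.0.0/0 to an internet gateway."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                       and r.get("GatewayId", "").startswith("igw-")
                       for r in rt["Routes"])
    return False  # no explicit association in the sample data

def diagnose(alb_subnets, alb_sg="sg-alb", port=80, ingress=INSTANCE_SG_INGRESS):
    """Return a list of reasons internet traffic would not reach the targets."""
    findings = []
    for s in alb_subnets:
        if not is_public(s):
            findings.append(f"ALB subnet {s} has no default route to an internet gateway")
    alb_azs = {SUBNETS[s] for s in alb_subnets}
    for inst, subnet in TARGETS.items():
        if SUBNETS[subnet] not in alb_azs:
            findings.append(f"target {inst} is in {SUBNETS[subnet]}, not enabled on the ALB")
    allowed = any(p["FromPort"] <= port <= p["ToPort"]
                  and any(g["GroupId"] == alb_sg for g in p.get("UserIdGroupPairs", []))
                  for p in ingress)
    if not allowed:
        findings.append(f"instance security group does not allow port {port} from {alb_sg}")
    return findings

if __name__ == "__main__":
    for label, subnets in [("ALB on private subnets", ["subnet-priv-a", "subnet-priv-b"]),
                           ("ALB on public subnets", ["subnet-pub-a", "subnet-pub-b"])]:
        print(label, "->", diagnose(subnets) or "no findings")
```

In the passing case the instances stay in private subnets with no internet route of their own; only the ALB's subnets carry the internet gateway route.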