Topic 1 Question 361

AWS Certified Solutions Architect - Professional

Topic 1 Question 361
A software as a service (SaaS) company uses AWS to host a service that is powered by AWS PrivateLink. The service consists of proprietary software that runs on three Amazon EC2 instances behind a Network Load Balancer (NLB). The instances are in private subnets in multiple Availability Zones in the eu-west-2 Region. All the company's customers are in eu-west-2.

However, the company now acquires a new customer in the us-east-1 Region. The company creates a new VPC and new subnets in us-east-1. The company establishes inter-Region VPC peering between the VPCs in the two Regions.

The company wants to give the new customer access to the SaaS service, but the company does not want to immediately deploy new EC2 resources in us-east-1.

Which solution will meet these requirements?
- Configure a PrivateLink endpoint service in us-east-1 to use the existing NLB that is in eu-west-2. Grant specific AWS accounts access to connect to the SaaS service.
- Create an NLB in us-east-1. Create an IP target group that uses the IP addresses of the company's instances in eu-west-2 that host the SaaS service. Configure a PrivateLink endpoint service that uses the NLB that is in us-east-1. Grant specific AWS accounts access to connect to the SaaS service.
- Create an Application Load Balancer (ALB) in front of the EC2 instances in eu-west-2. Create an NLB in us-east-1. Associate the NLB that is in us-east-1 with an ALB target group that uses the ALB that is in eu-west-2. Configure a PrivateLink endpoint service that uses the NLB that is in us-east-1. Grant specific AWS accounts access to connect to the SaaS service.
- Use AWS Resource Access Manager (AWS RAM) to share the EC2 instances that are in eu-west-2. In us-east-1, create an NLB and an instance target group that includes the shared EC2 instances from eu-west-2. Configure a PrivateLink endpoint service that uses the NLB that is in us-east-1. Grant specific AWS accounts access to connect to the SaaS service.
ユーザの投票
コメント(13)
- 正解だと思う選択肢: A
  A
  
  Explanation:
  
  Configuring a PrivateLink endpoint service in us-east-1 to use the existing NLB that is in eu-west-2 will allow the new customer to access the SaaS service without deploying new EC2 resources in us-east-1 1.
  
  Granting specific AWS accounts access to connect to the SaaS service will ensure that only authorized users can access the service 1.
  👍 7
  devalenzuela862023/11/22
- 正解だと思う選択肢: B
  The best option among these is B. While it introduces some complexity, it's the most viable solution that aligns with AWS capabilities and the company's requirements. Creating an NLB in us-east-1 and targeting the IP addresses of the existing instances in eu-west-2 is a feasible approach. This setup allows the company to use their existing infrastructure in eu-west-2 while providing access to the customer in us-east-1 through the PrivateLink endpoint service in us-east-1. This avoids the immediate need to deploy new EC2 resources in the us-east-1 region.
  
  It can't be A because AWS PrivateLink endpoint services cannot span regions. They are region-specific, so an endpoint service in us-east-1 cannot directly use an NLB located in eu-west-2.
  
  👍 4
  heatblur2023/11/30
- B is correct. See https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/use-case-examples.html
  
  👍 3
  George882023/11/24
シャッフルモード

ユーザの投票

コメント(13)