AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 192

A company has developed a web service for language translation. The web service's application runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) and are deployed in a private subnet. The web service can process requests that contain hundreds of megabytes of data.

The company needs to give some customers the ability to access the web service. Each customer has its own AWS account. The company must make the web service accessible to approved customers without making the web service accessible to all customers.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

Answer options

• A. Create VPC peering connections with the approved customers only.
• B. Create an AWS PrivateLink endpoint service. Configure the endpoint service to require acceptance that will be granted to approved customers only.
• C. Configure an authentication action for the endpoint service's load balancer to allow customers to log in by using their AWS credentials. Provide only approved customers with the URL.
• D. Configure a Network Load Balancer (NLB) and a listener with the ALB as a target. Associate the NLB with the endpoint service.
• E. Associate the ALB with the endpoint service.

Correct answer: B, D

Explanation

The correct answer is B and D because creating a PrivateLink endpoint service allows for secure access control and minimal exposure of the web service to only approved customers. Option A is incorrect as VPC peering would still expose the service to those customers. Option C involves unnecessary complexity with authentication, and option E does not provide the required access controls.