AWS Certified Solutions Architect – Associate (SAA-C02) — Question 150
A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list for the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one-time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall.
What should the solutions architect recommend to meet these requirements?
Answer options
- A. Create an AWS Lambda function to keep track of the IPs for all the ALBs in different Regions. Keep refreshing this list.
- B. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB.
- C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.
- D. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs.
Correct answer: C
Explanation
The correct answer is C because AWS Global Accelerator provides one or more static IP addresses that route traffic to the ALBs across multiple Regions, which simplifies the firewall configuration. Options A and D do not provide a permanent solution and still require management of multiple IPs, while B introduces complexity without achieving the objective of minimizing allowed IPs.