AWS Certified Solutions Architect – Associate (SAA-C02) — Question 266

A company has an application that is hosted on Amazon EC2 instances in two private subnets. A solutions architect must make the application available on the public internet with the least amount of administrative effort.
What should the solutions architect recommend?

Answer options

• A. Create a load balancer and associate two public subnets from the same Availability Zones as the private instances. Add the private instances to the load balancer.
• B. Create a load balancer and associate two private subnets from the same Availability Zones as the private instances. Add the private instances to the load balancer.
• C. Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two public subnets from the same Availability Zones as the public instances.
• D. Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two private subnets from the same Availability Zones as the public instances.

Correct answer: A

Explanation

To securely expose private EC2 instances to the public internet with minimal effort, an internet-facing load balancer must be deployed in public subnets within the same Availability Zones as the private instances. This allows the load balancer to receive public traffic and route it to the private targets, making Option A the correct and most efficient choice. Options B and D are incorrect because load balancers associated only with private subnets cannot accept public internet traffic, while Option C introduces unnecessary operational overhead by migrating the instances via AMIs.