AWS Certified Solutions Architect – Associate (SAA-C02) — Question 516

A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancer. However, many of the web service clients can only reach IP addresses whitelisted on their firewalls.
What should a solutions architect recommend to meet the clients' needs?

Answer options

• A. A Network Load Balancer with an associated Elastic IP address.
• B. An Application Load Balancer with an associated Elastic IP address
• C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address
• D. An EC2 instance with a public IP address running as a proxy in front of the load balancer

Correct answer: A

Explanation

A Network Load Balancer (NLB) can be assigned a static Elastic IP address for each active Availability Zone, which provides the fixed IP addresses that clients need to whitelist on their firewalls. In contrast, an Application Load Balancer (ALB) does not natively support direct assignment of Elastic IP addresses. While a proxy EC2 instance could provide a static IP, it introduces a single point of failure and unnecessary management overhead compared to a managed NLB.