AWS Certified Solutions Architect – Associate (SAA-C02) — Question 630

A company is planning to migrate a TCP-based application into the company's VPC. The application is publicly accessible on a nonstandard TCP port through a hardware appliance in the company's data center. This public endpoint can process up to 3 million requests per second with low latency. The company requires the same level of performance for the new public endpoint in AWS.
What should a solutions architect recommend to meet this requirement?

Answer options

• A. Deploy a Network Load Balancer (NLB). Configure the NLB to be publicly accessible over the TCP port that the application requires.
• B. Deploy an Application Load Balancer (ALB). Configure the ALB to be publicly accessible over the TCP port that the application requires.
• C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the application requires. Use an Application Load Balancer as the origin.
• D. Deploy an Amazon API Gateway API that is configured with the TCP port that the application requires. Configure AWS Lambda functions with provisioned concurrency to process the requests.

Correct answer: A

Explanation

A Network Load Balancer (NLB) operates at Layer 4 (Transport Layer) and is designed to handle millions of requests per second with ultra-low latency, making it ideal for high-performance TCP applications. Application Load Balancer (ALB) and Amazon API Gateway operate at Layer 7 (Application Layer) and are restricted to HTTP/HTTPS protocols, meaning they cannot natively route raw, nonstandard TCP traffic. Amazon CloudFront also only supports HTTP/HTTPS traffic on specific ports and cannot be used for arbitrary TCP-based protocols.