AWS Certified Solutions Architect – Associate (SAA-C03) — Question 703

A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer. However, many of the web service clients can only reach IP addresses authorized on their firewalls.

What should a solutions architect recommend to meet the clients’ needs?

Answer options

• A. A Network Load Balancer with an associated Elastic IP address.
• B. An Application Load Balancer with an associated Elastic IP address.
• C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address.
• D. An EC2 instance with a public IP address running as a proxy in front of the load balancer.

Correct answer: A

Explanation

A Network Load Balancer (NLB) natively supports assigning static Elastic IP addresses per Availability Zone, allowing clients with strict firewall configurations to easily whitelist these fixed IPs. In contrast, Application Load Balancers (ALBs) do not support direct assignment of Elastic IP addresses and instead rely on dynamic IP addresses. Setting up an EC2 proxy or using Route 53 A records directly to an Elastic IP address does not provide a highly available, managed load-balancing architecture.