AWS Certified Solutions Architect – Professional (SAP-C02) — Question 362
A company provides a software as a service (SaaS) application that runs in the AWS Cloud. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The instances are in an Auto Scaling group and are distributed across three Availability Zones in a single AWS Region.
The company is deploying the application into additional Regions. The company must provide static IP addresses for the application to customers so that the customers can add the IP addresses to allow lists. The solution must automatically route customers to the Region that is geographically closest to them.
Which solution will meet these requirements?
Answer options
- A. Create an Amazon CloudFront distribution. Create a CloudFront origin group. Add the NLB for each additional Region to the origin group. Provide customers with the IP address ranges of the distribution’s edge locations.
- B. Create an AWS Global Accelerator standard accelerator. Create a standard accelerator endpoint for the NLB in each additional Region. Provide customers with the Global Accelerator IP address.
- C. Create an Amazon CloudFront distribution. Create a custom origin for the NLB in each additional Region. Provide customers with the IP address ranges of the distribution’s edge locations.
- D. Create an AWS Global Accelerator custom routing accelerator. Create a listener for the custom routing accelerator. Add the IP address and ports for the NLB in each additional Region. Provide customers with the Global Accelerator IP address.
Correct answer: B
Explanation
An AWS Global Accelerator standard accelerator provides static IP addresses that serve as a fixed entry point to applications hosted in multiple AWS Regions, and it automatically routes traffic to the geographically closest healthy endpoint. Amazon CloudFront IP ranges (options A and C) are not static and change frequently, which makes them unsuitable for firewall allow lists. A custom routing accelerator (option D) is the wrong choice because it is designed to route traffic to specific destination EC2 instances and ports, which is unnecessary for this standard NLB load-balancing scenario.