AWS Certified Solutions Architect – Professional — Question 396
You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet.
The application must have a highly available architecture.
Which alternatives should you consider? (Choose two.)
Answer options
- A. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.
- B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web servers. Configure a Route53 CNAME record to your CloudFront distribution.
- C. Place all your web servers behind ELB. Configure a Route53 CNAME to point to the ELB DNS name.
- D. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.
- E. Configure ELB with an EIP. Place all your Web servers behind ELB. Configure a Route53 A record that points to the EIP.
Correct answer: C, D
Explanation
Placing web servers behind an ELB and routing traffic to its DNS name (Option C) ensures high availability and automatic scaling of the load balancer. Alternatively, assigning EIPs to instances and using Route53 DNS failover with health checks (Option D) provides a resilient architecture directly targeting the instances. Option A is incorrect because NAT instances are for outbound-only traffic, Option B is incorrect because CloudFront cannot route to private IPs over the public internet, and Option E is incorrect because Classic and Application Load Balancers do not support static EIPs.