Q63 — AWS ANS-C01 Ch.1
A company is deploying an application. The application is implemented in a series of containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use the Fargate launch type for its tasks. The containers will run workloads that require connectivity initiated over an SSL connection. Traffic must be able to flow to the application from other AWS accounts over private connectivity. The application must scale in a manageable way as more consumers use the application. Which solution will meet these requirements?
- A. Choose a Gateway Load Balancer (GLB) as the type of load balancer for the ECS service. Create a lifecycle hook to add new tasks to the target group from Amazon ECS as required to handle scaling. Specify the GLB in the service definition. Create a VPC peer for external AWS accounts. Update the route tables so that the AWS accounts can reach the GLB.
- B. Choose an Application Load Balancer (ALB) as the type of load balancer for the ECS service. Create path-based routing rules to allow the application to target the containers that are registered in the target group. Specify the ALB in the service definition. Create a VPC endpoint service for the ALB. Share the VPC endpoint service with other AWS accounts.
- C. Choose an Application Load Balancer (ALB) as the type of load balancer for the ECS service. Create path-based routing rules to allow the application to target the containers that are registered in the target group. Specify the ALB in the service definition. Create a VPC peer for the external AWS accounts. Update the route tables so that the AWS accounts can reach the ALB.
- D. Choose a Network Load Balancer (NLB) as the type of load balancer for the ECS service. Specify the NLB in the service definition. Create a VPC endpoint service for the NLB. Share the VPC endpoint service with other AWS accounts. ✓
Correct Answer: D. Choose a Network Load Balancer (NLB) as the type of load balancer for the ECS service. Specify the NLB in the service definition. Create a VPC endpoint service for the NLB. Share the VPC endpoint service with other AWS accounts.
Explanation
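Considering the application's requirements, including the need for SSL connections, private connectivity from other AWS accounts, and manageable scalability, the most suitable solution is option D. This is because a Network Load Balancer (NLB) can handle TCP traffic (suitable for SSL/TLS) and supports VPC endpoint services, which allow other AWS accounts to reach the application over private connectivity. An NLB is also well suited to scenarios that need high performance and low latency, such as microservice architectures or containerized applications. Although an ALB also supports HTTPS, it is mainly used for application-layer routing of HTTP/HTTPS traffic, whereas an NLB is a better fit for scenarios that need to pass TCP traffic through directly. In addition, a VPC endpoint service provides a secure way to share resources, which meets the cross-account access requirement.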