Q39 — AWS SAP-C02 Ch.2
Q189. A company is building a solution in the AWS Cloud. Thousands of devices will connect to the solution and send data. Each device needs to be able to send and receive data in real time over the MQTT protocol. Each device must authenticate by using a unique X.509 certificate. Which solution will meet these requirements with the LEAST operational overhead?
- A. Set up AWS IoT Core. For each device, create a corresponding Amazon MQ queue and provision a certificate. Connect each device to Amazon MQ
- B. Create a Network Load Balancer (NLB) and configure it with an AWS Lambda authorizer. Run an MQTT broker on Amazon EC2 instances in an Auto Scaling group. Set the Auto Scaling group as the target for the NLB. Connect each device to the NLB
- C. Set up AWS IoT Core. For each device, create a corresponding AWS IoT thing and provision a certificate. Connect each device to AWS IoT Core ✓
- D. Set up an Amazon API Gateway HTTP API and a Network Load Balancer (NLB). Create integration between API Gateway and the NLB. Configure a mutual TLS certificate authorizer on the HTTP API. Run an MQTT broker on an Amazon EC2 instance that the NLB targets. Connect each device to the NLB
Correct Answer: C. Set up AWS IoT Core. For each device, create a corresponding AWS IoT thing and provision a certificate. Connect each device to AWS IoT Core
Explanation
Option C would be the best solution to meet these requirements with the least operational overhead. AWS IoT Core is a fully managed service that provides secure and reliable communication between devices and cloud applications using MQTT. It supports device authentication using X.509 certificates, which can be provisioned through AWS IoT Core. This allows each device to securely connect to AWS IoT Core and send and receive data in real time over MQTT without having to manage any infrastructure.
Option A involves setting up and managing an Amazon MQ instance for each device, which can be operationally expensive and complex to manage as the number of devices increases.
Option B and Option D involve running an MQTT broker on an EC2 instance, which requires operational effort to manage and maintain the EC2 instances and the underlying infrastructure. Additionally, configuring a Network Load Balancer (NLB) and an AWS Lambda authorizer (Option B) or an API Gateway HTTP API with a mutual TLS certificate authorizer (Option D) can introduce additional points of failure and complexity.
Overall, Option C provides the most streamlined and scalable solution with the least amount of operational overhead, as it leverages the fully managed and scalable AWS IoT Core service.