Q47 — AWS SAP-C02 Ch.3

Q272. A company is serving files to its customers through an SFTP server that is accessible over the internet. The SFTP server is running on a single Amazon EC2 instance with an Elastic IP address attached. Customers connect to the SFTP server through its Elastic IP address and use SSH for authentication. The EC2 instance also has an attached security group that allows access from all customer IP addresses. A solutions architect must implement a solution to improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files. The solution must not change the way customers connect. Which solution will meet these requirements?

Correct Answer: B. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.

Explanation

To improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files without changing the way customers connect, a solutions architect should use AWS Transfer Family to create a new SFTP server and associate it with the existing Elastic IP address used by the current SFTP server. The new SFTP server should be configured to use Amazon S3 for file storage. Therefore, option B is the correct answer.

Option A suggests using AWS Transfer Family to create a new SFTP server and associate it with the existing Elastic IP address used by the current SFTP server, but it suggests configuring the Transfer Family server with a publicly accessible endpoint. This approach may not meet the security requirements of the company.

Option C suggests using AWS Fargate to run an SFTP server and store files on an Amazon EFS file system. While this approach can work, it may be more complex than necessary and may not meet the performance and scalability requirements of the company.

Option D suggests using an Auto Scaling group of EC2 instances running an SFTP server and using a multi-attach Amazon EBS volume for file storage. While this approach can work, it may be more complex than necessary and may not meet the performance and scalability requirements of the company.

Therefore, the most appropriate solution is to create a new SFTP server with AWS Transfer Family, configure it with a VPC-hosted, internet-facing endpoint, and associate it with the existing Elastic IP address used by the current SFTP server. The new SFTP server should be pointed to an Amazon S3 bucket for file storage, and the security group with customer IP addresses should be attached to the new endpoint. Finally, all files from the current SFTP server should be synced to the S3 bucket.