AWS Certified Solutions Architect - Associate / Question #1089 of 1019

Question #1089

A company's HTTPS application is behind a Network Load Balancer (NLB). The NLB's target group uses an EC2 Auto Scaling group with multiple instances hosting the service. The NLB is configured with TCP health checks on port 443. The company observes that occasional HTTP 500 errors from the application are not detected by the NLB, leading to manual instance restarts. They need an automated solution without custom code to improve availability.

What should a solutions architect recommend to address this issue?

A

Update the NLB's health checks to use HTTPS and provide the application's health check URL. Configure Auto Scaling to replace instances marked unhealthy.

B

Create a CloudWatch alarm monitoring the HTTPCodeBackend5XX metric. Link the alarm to an Auto Scaling policy to replace instances when the alarm triggers.

C

Replace the NLB with an Application Load Balancer (ALB). Configure HTTP health checks with the application's URL and enable Auto Scaling to replace unhealthy instances.

D

Add a systemd service to each EC2 instance to monitor application logs for 500 errors and restart the service automatically when detected.

Explanation

The issue arises because Network Load Balancers (NLBs) operate at Layer 4 (TCP/UDP) and only validate TCP connectivity, not application-layer responses like HTTP status codes. The NLB's TCP health check on port 443 confirms the port is reachable but does not detect HTTP 500 errors.

Option C is correct because Application Load Balancers (ALBs) operate at Layer 7 (HTTP/HTTPS) and can perform HTTP health checks against a specific application URL. This ensures that ALB health checks validate the application's actual HTTP response (e.g., 200 OK vs. 500 errors). If the health check fails, the ALB marks the instance as unhealthy, triggering Auto Scaling to replace it automatically.

Other options are incorrect:
- A: NLBs do not support HTTP/HTTPS health checks.
- B: The HTTPCode_Backend_5XX metric is specific to ALBs, not NLBs, so it would not be available.
- D: Requires custom code and per-instance log monitoring, which violates the no-custom-code requirement.

Key Takeaway: Use ALBs (not NLBs) for application-layer health checks when detecting HTTP errors is critical.
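As an added illustration that is not part of the original question or of any AWS documentation, the following Terraform fragment places the question's NLB target group (TCP health check) beside the ALB target group the answer recommends, with the Auto Scaling group set to act on load balancer health. The listener, security groups and the `vpc_id`, `subnet_ids` and `launch_template_id` variables are assumed to be defined elsewhere; the `/health` path is an assumed application health URL.

```terraform
# Before: NLB target group with the Layer 4 check from the question.
resource "aws_lb_target_group" "app_nlb" {
  name     = "app-nlb-tg"
  port     = 443
  protocol = "TCP"
  vpc_id   = var.vpc_id          # assumed input variable

  health_check {
    protocol = "TCP"             # only proves the port accepts connections
    port     = "443"             # an HTTP 500 still counts as healthy here
  }
}

# After: ALB target group whose health check reads the HTTP status code.
resource "aws_lb_target_group" "app_alb" {
  name     = "app-alb-tg"
  port     = 443
  protocol = "HTTPS"
  vpc_id   = var.vpc_id          # assumed input variable

  health_check {
    protocol            = "HTTPS"
    path                = "/health"   # assumed application health URL
    matcher             = "200"       # a 500 response now fails the check
    interval            = 10
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}

# The ASG only replaces instances that fail the load balancer check when
# health_check_type is "ELB"; the default "EC2" ignores target health.
resource "aws_autoscaling_group" "app" {
  name                      = "app-asg"
  min_size                  = 2
  max_size                  = 6
  vpc_zone_identifier       = var.subnet_ids   # assumed input variable
  target_group_arns         = [aws_lb_target_group.app_alb.arn]
  health_check_type         = "ELB"
  health_check_grace_period = 300

  launch_template {
    id      = var.launch_template_id  # assumed existing launch template
    version = "$Latest"
  }
}
```

Without `health_check_type = "ELB"` the ALB would stop routing to a failing instance but Auto Scaling would never replace it, which is the part of the question's requirement that the target group alone does not satisfy.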

Answer

The correct answer is: C