AWS Certified Solutions Architect - Associate / Question #1763 of 1019

Question #1763

A company is deploying a REST API on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer. Legacy client systems require traffic to originate from a fixed IP address for firewall permissions. What should the solutions architect implement to satisfy this requirement?

A. A Network Load Balancer with an associated Elastic IP address.

B. An Application Load Balancer with an associated Elastic IP address.

C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address.

D. An EC2 instance with a public IP address running as a proxy in front of the load balancer.

Explanation

The correct answer is A because Network Load Balancers (NLBs) allow the association of Elastic IP addresses (EIPs), which provide static, fixed IP addresses. Legacy systems requiring firewall rules based on fixed IPs can whitelist these EIPs. NLBs are designed for high performance and static IP use cases, making them ideal here.

Option B is incorrect because Application Load Balancers (ALBs) do not support Elastic IPs; they rely on DNS names with dynamically changing IPs. Option C is invalid because pointing a Route 53 A record to an EIP bypasses the load balancer, removing scalability and high availability. Option D introduces an unnecessary proxy EC2 instance with a public IP, adding management overhead and a potential single point of failure.

Key Points:
1. NLBs support Elastic IPs; ALBs do not.
2. Static IPs are critical for legacy firewall rules.
3. Avoid solutions that bypass load balancers or add complexity.

Answer

The correct answer is: A