Question #553
A company is deploying a globally accessible TCP service on a static port. The solutions architect must design a solution that ensures high availability, spans multiple Availability Zones, and uses the DNS name global.service.com, which is publicly resolvable. The service requires fixed IP addresses to allow external partners to whitelist them. All resources are deployed in a single AWS Region.
Which architecture meets these requirements?
A. Deploy Amazon EC2 instances with individual Elastic IP addresses. Configure a Network Load Balancer (NLB) with the static TCP port, register the EC2 instances with the NLB, and create an A record for global.service.com pointing to the EC2 instances' Elastic IP addresses. Share these Elastic IPs with partners for allow lists.
B. Use an Amazon ECS cluster with tasks assigned public IPs. Set up a Network Load Balancer (NLB) with the TCP port, link the ECS service to the NLB via a target group, and create an A record for global.service.com mapping to the ECS tasks' public IPs. Provide these IPs to partners.
C. Deploy EC2 instances across Availability Zones. Assign one Elastic IP per Availability Zone and attach them to a Network Load Balancer (NLB) configured with the static TCP port. Register the instances with the NLB's target group. Create an A (alias) record for global.service.com pointing to the NLB's DNS name. Share the NLB's fixed Elastic IPs with partners.
D. Host the service on an Amazon ECS cluster with public IPs for each host. Configure an Application Load Balancer (ALB) for the TCP port, associate the ECS service with the ALB via a target group, and create a CNAME record for global.service.com linked to the ALB's DNS name. Provide the ALB's IPs to partners.
Explanation
Option C meets all requirements:
1. High Availability: EC2 instances are deployed across multiple AZs, and the NLB distributes traffic to them.
2. Fixed IPs: The NLB is assigned one Elastic IP (EIP) per AZ. These addresses are static and can be shared with partners for allow lists.
3. DNS Configuration: An A (alias) record points to the NLB's DNS name, which resolves to its fixed EIPs.
4. TCP Service: NLB supports static TCP ports, unlike ALB (Option D), which is HTTP/HTTPS-focused.
Why others are incorrect:
- A/B: Directly using EC2/ECS instance IPs risks IP changes, violating the fixed IP requirement.
- D: ALB lacks static IPs and is unsuitable for non-HTTP TCP traffic.
Key Points:
- Use NLB for TCP services requiring static IPs.
- Assign EIPs to NLB per AZ for HA and fixed IPs.
- Alias records map DNS to NLB's fixed IPs.
Answer
The correct answer is: C