Question #793
A company has deployed a web application on Amazon EC2 instances across three Availability Zones within a VPC. The instances are in private subnets and are part of an Auto Scaling group behind an Application Load Balancer (ALB). The application must communicate with an on-premises database that only allows incoming connections from a specific Elastic IP address. The company's security team has allocated this Elastic IP and added it to the on-premises firewall's allow list. The solutions architect must design a solution that ensures all outbound traffic to the on-premises database originates from the allocated Elastic IP and automatically recovers from any infrastructure failures. Which solution meets these requirements?
A. Deploy three NAT gateways, one in each public subnet. Assign the Elastic IP address to all NAT gateways. Configure health checks for the NAT gateways. If a NAT gateway fails, automatically recreate it and reattach the Elastic IP address.
B. Replace the ALB with a Network Load Balancer (NLB). Assign the Elastic IP address to the NLB. Enable health checks for the NLB. If a health check fails, redeploy the NLB in a different subnet.
C. Deploy a single NAT gateway in a public subnet. Assign the Elastic IP address to the NAT gateway. Use Amazon CloudWatch to monitor the NAT gateway's health. If it becomes unhealthy, trigger an AWS Lambda function to create a new NAT gateway in another subnet and associate the Elastic IP address.
D. Assign the Elastic IP address to the ALB. Configure an Amazon Route 53 health check for the ALB. If the health check fails, redeploy the ALB in a different subnet and update the Route 53 record.
Explanation
Option C is correct because:
- NAT gateways allow instances in private subnets to communicate externally. Assigning the Elastic IP (EIP) to the NAT gateway ensures all outbound traffic to the on-premises database originates from the required EIP.
- Deploying a single NAT gateway with CloudWatch monitoring and Lambda automation ensures automatic recovery. If the NAT gateway fails, the Lambda function recreates it in another subnet and reattaches the EIP, maintaining connectivity.
Other options fail because:
- A: A single EIP cannot be associated with more than one NAT gateway, so three gateways cannot share it, and recreating gateways and reattaching the EIP on every failure is not a scalable approach.
- B: NLBs handle inbound traffic, not outbound; assigning an EIP to an NLB does not make the EC2 instances' outbound connections originate from that EIP.
- D: ALBs do not support EIPs, and Route 53 health checks do not address outbound traffic requirements.
Key Points:
1. NAT gateways in public subnets enable outbound traffic from private subnets.
2. EIPs must be assigned to NAT gateways for consistent source IPs.
3. Automated recovery via CloudWatch and Lambda ensures high availability despite single-AZ NAT gateway deployments.
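The recovery step that option C relies on, written out as an added example (not part of the original question or its explanation): a Lambda-style handler that deletes the unhealthy NAT gateway, creates a replacement in another subnet with the same EIP allocation, and repoints the private route tables at it. The event keys, the subnet and route-table IDs, and the FakeEC2 class are assumptions; FakeEC2 is a constructed stand-in for the few boto3 EC2 calls used here so the logic runs offline, and it mimics the API's refusal to bind one EIP to two live NAT gateways, which is the point made against option A.

```python
# Added example, not the question's or AWS's own code. FakeEC2 is a
# constructed stand-in for the boto3 EC2 client; the event shape below is
# an assumption about what the CloudWatch alarm action would pass in.

try:
    import boto3  # only needed when running as a real Lambda
except ImportError:  # keeps the example runnable offline
    boto3 = None


class _NoOpWaiter:
    """Constructed stand-in for boto3 waiters, which poll the API until a state is reached."""

    def wait(self, **kwargs):
        return None


class FakeEC2:
    """Constructed stand-in for the subset of the boto3 EC2 client used below."""

    def __init__(self, unhealthy_nat_id, subnet_id, eip_alloc_id):
        # NatGatewayId -> attributes; starts with one gateway that CloudWatch flagged
        self.nat_gateways = {
            unhealthy_nat_id: {"SubnetId": subnet_id, "AllocationId": eip_alloc_id, "State": "available"}
        }
        self.routes = {}  # RouteTableId -> NatGatewayId the route was repointed to
        self._created = 0

    def describe_nat_gateways(self, NatGatewayIds):
        return {"NatGateways": [dict(NatGatewayId=i, **self.nat_gateways[i]) for i in NatGatewayIds]}

    def delete_nat_gateway(self, NatGatewayId):
        self.nat_gateways[NatGatewayId]["State"] = "deleted"
        return {"NatGatewayId": NatGatewayId}

    def create_nat_gateway(self, SubnetId, AllocationId, ConnectivityType="public"):
        # One EIP can back only one live NAT gateway; mimic the API rejecting a second binding.
        for nat in self.nat_gateways.values():
            if nat["AllocationId"] == AllocationId and nat["State"] in ("pending", "available"):
                raise RuntimeError("Elastic IP address is already associated")
        self._created += 1
        new_id = f"nat-new{self._created}"
        self.nat_gateways[new_id] = {"SubnetId": SubnetId, "AllocationId": AllocationId, "State": "available"}
        return {"NatGateway": {"NatGatewayId": new_id}}

    def replace_route(self, RouteTableId, DestinationCidrBlock, NatGatewayId):
        self.routes[RouteTableId] = NatGatewayId
        return {"Return": True}

    def get_waiter(self, name):
        return _NoOpWaiter()


def recover_nat_gateway(ec2, unhealthy_nat_id, eip_alloc_id, replacement_subnet_id,
                        private_route_table_ids, destination_cidr="0.0.0.0/0"):
    """Replace an unhealthy NAT gateway while keeping the allow-listed EIP as the
    source address of all outbound traffic. Returns the new NAT gateway's ID."""
    current = ec2.describe_nat_gateways(NatGatewayIds=[unhealthy_nat_id])["NatGateways"][0]
    # The EIP is bound at creation and stays bound until the gateway is gone,
    # so the old gateway must be deleted before the allocation can be reused.
    if current["State"] not in ("deleting", "deleted"):
        ec2.delete_nat_gateway(NatGatewayId=unhealthy_nat_id)
    ec2.get_waiter("nat_gateway_deleted").wait(NatGatewayIds=[unhealthy_nat_id])
    new_id = ec2.create_nat_gateway(
        SubnetId=replacement_subnet_id, AllocationId=eip_alloc_id, ConnectivityType="public"
    )["NatGateway"]["NatGatewayId"]
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[new_id])
    # Private subnets keep sending traffic to the dead gateway until their
    # default route is repointed; skipping this step leaves recovery incomplete.
    for rtb in private_route_table_ids:
        ec2.replace_route(RouteTableId=rtb, DestinationCidrBlock=destination_cidr, NatGatewayId=new_id)
    return new_id


def lambda_handler(event, context, ec2=None):
    """Assumed event shape (hypothetical): the alarm action supplies these four keys."""
    ec2 = ec2 or boto3.client("ec2")
    new_id = recover_nat_gateway(
        ec2,
        unhealthy_nat_id=event["NatGatewayId"],
        eip_alloc_id=event["AllocationId"],
        replacement_subnet_id=event["ReplacementSubnetId"],
        private_route_table_ids=event["PrivateRouteTableIds"],
    )
    return {"NatGatewayId": new_id}


if __name__ == "__main__":
    # Constructed sample run against the offline stand-in.
    fake = FakeEC2("nat-old", "subnet-a", "eipalloc-1")
    result = lambda_handler(
        {"NatGatewayId": "nat-old", "AllocationId": "eipalloc-1",
         "ReplacementSubnetId": "subnet-b", "PrivateRouteTableIds": ["rtb-1", "rtb-2"]},
        None, ec2=fake)
    print(result, fake.routes)
```

The order of operations is the part worth checking in a real deployment: creating the replacement before the old gateway is fully deleted fails because the EIP is still associated, and creating it without repointing the private route tables leaves the instances routing at a gateway that no longer exists.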
Answer
The correct answer is: C