Exam SAA-C03
Question 264

A company has a web application hosted over 10 Amazon EC2 instances with traffic directed by Amazon Route 53. The company occasionally experiences a timeout error when attempting to browse the application. The networking team finds that some DNS queries return IP addresses of unhealthy instances, resulting in the timeout error.

What should a solutions architect implement to overcome these timeout errors?

    Correct Answer: D

    To address timeout errors caused by unhealthy instances, you should use an Application Load Balancer (ALB) that performs health checks on the EC2 instances. The ALB will only route traffic to healthy instances, improving reliability and availability. Routing traffic to the ALB through Route 53 ensures that DNS queries resolve to the ALB, which then manages traffic distribution efficiently across healthy instances.
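
The arrangement the explanation describes, written as a Terraform configuration. This is an added example, not part of the original question or its answers; the variable names, the `/healthz` path and the interval and threshold values are assumptions.

```hcl
variable "vpc_id" { type = string }
variable "public_subnet_ids" { type = list(string) } # subnets in at least two AZs
variable "alb_sg_id" { type = string }               # security group attached to the ALB
variable "instance_ids" { type = list(string) }      # the 10 existing EC2 instances
variable "zone_id" { type = string }                 # Route 53 hosted zone ID
variable "record_name" { type = string }             # e.g. app.example.com

resource "aws_lb" "web" {
  load_balancer_type = "application"
  subnets            = var.public_subnet_ids
  security_groups    = [var.alb_sg_id]
}

resource "aws_lb_target_group" "web" {
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
  health_check {
    path                = "/healthz" # hypothetical endpoint; a 200 response counts as healthy
    interval            = 10         # seconds between probes of each instance
    unhealthy_threshold = 2          # consecutive failures before traffic stops
  }
}
# Register every existing instance behind the health-checked target group.
resource "aws_lb_target_group_attachment" "web" {
  for_each         = toset(var.instance_ids)
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = each.value
}

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

# One alias record for the ALB replaces the per-instance A records.
resource "aws_route53_record" "app" {
  zone_id = var.zone_id
  name    = var.record_name
  type    = "A"
  alias {
    name                   = aws_lb.web.dns_name
    zone_id                = aws_lb.web.zone_id
    evaluate_target_health = true
  }
}
```

The instances' security group should accept port 80 only from the ALB's security group, so that clients cannot reach an instance without passing through the health-checked path.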

Discussion
Guru4Cloud (Option: D)

ALB performs health checks on the EC2 instances, so it will only route traffic to healthy instances. This avoids the timeout errors. ALB provides load balancing across the instances, improving performance and availability. Route 53 routes to the ALB DNS name, so you don't have to manage records for each EC2 instance. This is a standard and robust architecture for public-facing web applications. The ALB acts as the entry point and handles health checks and scaling.

jlteunissen (Option: B)

It is not clear from the question whether the 10 EC2s are running within the same region. ALB can only direct traffic within a region, while Route 53 can route traffic to multiple locations, hence C and D are wrong.

pentium75

But B has one primary record and 9 failover records. A is correct, simple policy with health checks, that makes sure that only IPs of healthy instances are returned.

awsgeek75

If you focus on the question, both A and D seem to be correct. A is correct because simple routing policy for health check is doable BUT it is also wrong because we don't know how to determine the health of the instance. D is correct because "The company occasionally experiences a timeout error when attempting to browse the application", which suggests the application is being accessed by a browser, which means it's HTTP based, and ALB is better for HTTP-based health checks. A web application timing out is not necessarily an unhealthy instance, strictly speaking. It's just a bad web application running on a healthy instance! So A may not be correct also.

daniel1 (Option: D)

D. **Application Load Balancer (ALB) with Health Checks, Routed via Route 53**: - Creating an ALB in front of the EC2 instances and configuring health checks on the ALB will ensure that only healthy instances receive traffic. Route 53 can then direct traffic to the ALB, which in turn, routes traffic to healthy instances based on the health check results. Among the provided options, the one that directly addresses the issue of routing traffic only to healthy instances is: **D. Create an Application Load Balancer (ALB) with a health check in front of the EC2 instances. Route to the ALB from Route 53.**

cookieMr (Option: D)

By creating an ALB and configuring health checks, the architect ensures that only healthy instances receive traffic. The ALB periodically checks the health of the EC2 instances based on the configured health check settings. Routing traffic to the ALB from Route 53 ensures that DNS queries return the IP address of the ALB instead of individual instances. This allows the ALB to distribute traffic only to healthy instances, avoiding timeouts caused by unhealthy instances. A & B: While associating health checks with each record can help identify unhealthy instances, it does not provide automatic load balancing and distribution of traffic to healthy instances. C: While CloudFront can improve performance and availability, it is primarily a CDN and may not directly address the issue of load balancing and distributing traffic to healthy instances. Therefore, option D is the most appropriate solution to overcome the timeout errors by implementing an ALB with health checks and routing traffic through Route 53.

joechen2023 (Option: C)

I believe both C and D will work, but C seems less complex. Hopefully somebody here is more advanced (not an old student learning AWS like me) to explain why not C.

farnamjam (Option: D)

Although B can work as well, it's not a professional choice to associate the health check with 10 EC2 instances; ALB is the better option here. A is incorrect: Simple Routing Policies can't be associated with Health Checks. C is incorrect: CloudFront is for caching content, which is irrelevant.

awsgeek75

Simple routing policies can be associated with Health Checks https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-simple-configs.html

pentium75 (Option: A)

A meets the requirement ("overcome these timeout errors") without any other changes. "If you configure health checking for all the records in a group of records that have the same name, the same type (such as A or AAAA), and the same routing policy (such as weighted or failover), Route 53 responds to DNS queries by choosing a healthy record and returning the applicable value from that record." (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/health-checks-how-route-53-chooses-records.html)

pentium75

"You can use Route 53 health checking to configure active-active and active-passive failover configurations. You configure active-active failover using any routing policy (or combination of routing policies) other than failover. ... Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Route 53 can detect that it's unhealthy and stop including it when responding to queries.

pentium75

In active-active failover, all the records that have the same name, the same type (such as A or AAAA), and the same routing policy (such as weighted or latency) are active unless Route 53 considers them unhealthy. Route 53 can respond to a DNS query using any healthy record." (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-types.html#dns-failover-types-active-passive)

pentium75

B - No, "you configure active-active failover using any routing policy (or combination of routing policies) OTHER THAN FAILOVER". With B, all traffic would go to one primary instance unless it is unhealthy. C - Not sure how to configure multiple EC2 instances as the origin without an LB. Even if that would be possible, it would introduce more changes and complexity, which is not asked for. D - Would work if all EC2 instances are in the same region, which we don't know. But it would also incur additional cost and potentially have other effects.

Ruffyit

B is wrong. The DNS cache in clients could drive to timeouts. With ALB this issue won't happen since the DNS register will be the same and ALB will take care of unhealthy nodes.

rlamberti (Option: D)

B is wrong. The DNS cache in clients could drive to timeouts. With ALB this issue won't happen since the DNS register will be the same and ALB will take care of unhealthy nodes.

slackbot

I was looking at A, but indeed D is the best option, because usually the TTL of the records is at least 60 seconds (nobody sets it lower unless testing something, because there is a charge per number of unique requests). ALB health check can be set as low as desired, which helps exclude the problematic EC2 faster than the DNS TTL expires.

Abrar2022 (Option: D)

Option D allows for the creation of an Application Load Balancer which can detect unhealthy instances and redirect traffic away from them.

ChymKuBoy (Option: D)

D for sure

Hrishi_707

Those who are confused between A and D, A is wrong as you can't associate a health check with Simple routing policy record.

MrPCarrot

D is the best answer

TariqKipkemei (Option: B)

Clearly the question is all about Amazon Route 53 that has Failover routing policy that is used when you want to configure active-passive failover.

Steve_4542636 (Option: D)

I vote D