A company is worried about potential DDoS attacks. The company has a web application that runs on Amazon EC2 instances. The application uses Amazon S3 to serve static content such as images and videos.
A security engineer must create a resilient architecture that can withstand DDoS attacks.
Which solution will meet these requirements MOST cost-effectively?
To create a resilient architecture that can withstand DDoS attacks cost-effectively, placing EC2 instances into an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer and using Amazon CloudFront with Amazon S3 as an origin is most effective. Auto Scaling ensures that the number of EC2 instances can dynamically adjust based on traffic load, preventing any single instance from being overwhelmed. ELB distributes incoming traffic, helping to avoid single points of failure. CloudFront, acting as a content delivery network, caches static content, reducing the direct load on the EC2 instances. Utilizing S3 as the origin for static content ensures efficient delivery and further decreases the strain on EC2 instances. This approach leverages AWS services to distribute and manage traffic efficiently, providing a scalable and cost-effective solution that mitigates DDoS attack impacts.
B - Key is MOST cost effective. Cost-Effective: Using Auto Scaling, ELB, CloudFront, and S3 together is a cost-effective way to manage traffic loads and protect against DDoS attacks. AWS Shield Advanced is an expensive premium service. B will be a cheaper solution.
Option B (Auto Scaling, ELB, CloudFront with S3): The costs can vary widely based on your specific usage patterns (e.g., traffic volume, instance types, storage requirements, etc.). It involves paying for compute resources, load balancing, content delivery, and storage, with costs scaling based on usage. Option D (AWS Shield Advanced): Costs $3,000 per month per organization. This cost provides comprehensive DDoS protection across AWS services, including automated attack detection and mitigation by AWS experts. PLUSSSSSSSSSSSSS Scalability and Performance: Option B provides scalable and performant infrastructure for normal traffic conditions and some level of traffic spikes. It improves availability and latency through caching and load balancing mechanisms. DDoS Protection: Option D (AWS Shield Advanced) is specifically designed for mitigating DDoS attacks, offering proactive protection against large-scale and sophisticated DDoS attacks. It includes access to AWS DDoS Response Team for immediate assistance during attacks.
Sorry D is the correct anwser
B is correct. Although it is not effective in preventing HTTP flood attacks, it is an effective method for low-layer DDoS attacks, and given the cost efficiency requirement, it seems undesirable to use "D:AWS Shield Advanced".
My answer is B Load Balancing: An ELB distributes incoming traffic across multiple EC2 instances, ensuring that no single instance is overwhelmed by traffic. This helps to prevent a single point of failure and reduces the impact of a DDoS attack. Auto Scaling: Auto Scaling ensures that the number of EC2 instances is adjusted based on the load, so if an instance fails or becomes overwhelmed, another instance is launched to replace it. This maintains the availability of the application. CloudFront: Amazon CloudFront acts as a reverse proxy, caching frequently accessed content and reducing the load on the EC2 instances. It also provides a static IP address, which can be used to configure firewall rules and improve security. S3 as Origin: Using S3 as the origin for CloudFront ensures that static content is served efficiently and securely, reducing the load on the EC2 instances and making the application more resilient to DDoS attacks.
D for DDOS
D is the most cost-effective solution for mitigating DDoS attacks and maintaining a resilient architecture.