An AWS administrator is designing internet connectivity for an organization's virtual public cloud (VPC). The organization has web servers with private addresses that must be reachable from the internet. The web servers must be highly available.
Which two configurations can you use to ensure the web servers are highly available and reachable from the internet? (Choose two.)
A, D should be correct Network Load Balancer: Deploying a network load balancer ensures that incoming traffic is distributed across multiple web servers, providing high availability and redundancy. This setup helps in managing traffic efficiently and maintaining service uptime even if some servers fail (Option A). Multiple Availability Zones: Deploying web servers in multiple availability zones (AZs) enhances fault tolerance and availability. If one AZ goes down, servers in other AZs can continue to handle the traffic, ensuring the web application remains accessible (Option D). Other Options Analysis: Option B is incorrect because NAT Gateways are used to provide internet access to instances in private subnets, not to make private addresses reachable from the internet. Option C is not sufficient on its own for high availability. Adding a route to the default VPC route table forwarding traffic to the internet gateway makes the VPC internet-accessible but does not ensure high availability.
For me C make senses, if we want an instance to be reacheable from Internet, at least we need a default route pointing IGW for the traffic come back. D because if we want high availability we need to deploy the instances at least in 2 AZ.
Add a route to the default virtual public cloud (VPC) route table forwarding all traffic to the internet gateway: This option is essential for making web servers reachable from the internet. It ensures that traffic from the VPC is routed correctly to the internet via the Internet Gateway (IGW). Without this configuration, the servers won’t be able to send or receive traffic from the internet, regardless of their availability setup. However, this does not guarantee high availability by itself, but it is a necessary step to enable internet access.
Conclusion: Option C (Route to the Internet Gateway) is critical for internet accessibility. Option D (Multiple Availability Zones) is critical for high availability. Option A (Network Load Balancer) is important for load distribution and fault tolerance, but it doesn’t replace the need for routing traffic to the internet gateway. Thus, C and D would be the better answer combination if the focus is on ensuring both internet reachability and high availability.
Why Option C (Internet Gateway Route) is critical: To make the web servers reachable from the internet, you must add a route in the VPC's route table to the Internet Gateway. Without this, the load balancer itself cannot communicate with external internet clients, and the web servers will not be accessible from the internet. Why Option A (Network Load Balancer) may or may not be necessary: A network load balancer is a useful option for handling high volumes of traffic and distributing it across instances, but it isn't always required for making servers reachable from the internet. However, it does enhance availability by distributing traffic across multiple servers and zones.
Incorrect Options: B. NAT Gateway: A NAT Gateway is for outbound internet traffic from private subnets, not for inbound access. C. Adding a route to the default VPC route table forwarding all traffic to the internet gateway: While an internet gateway and a proper route configuration are essential for internet connectivity, this alone does not provide a front-end endpoint for inbound traffic. You still need a publicly accessible component (like a load balancer or a server with a public IP) to accept requests from the internet. Therefore, the correct combination that ensures both high availability and internet reachability is to deploy a load balancer (A) and host the servers across multiple AZs (D).
Answer: A. Deploy a network load balancer and D. Deploy web servers in multiple availability zones. Explanation: Reachability from the Internet: To make privately addressed web servers accessible from the internet, you cannot rely on a NAT Gateway. A NAT Gateway only facilitates outbound traffic to the internet from servers in private subnets; it does not allow external users to initiate inbound connections to those servers. Instead, you need a publicly accessible endpoint to receive incoming requests. A public-facing load balancer (such as an Application Load Balancer or Network Load Balancer) provides a public DNS name and can route incoming traffic to the private web servers. This makes the web servers reachable from the internet.