A company has global users accessing an HTTP application deployed on Amazon EC2 in multiple Regions. The company wants to improve availability and performance, protect the app from common web exploits that affect availability or security, and require static IP addresses. What should a solutions architect recommend?
Choose an answer
Tap an option to check your answer.
Correct answer: Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Deploy AWS WAF on the ALBs. Create an accelerator using AWS Global Accelerator and register the ALBs as endpoints..
Why this is the answer
The correct solution uses Application Load Balancers (ALBs) because the application is HTTP-based, and ALBs are designed for advanced HTTP/HTTPS routing features. AWS WAF is deployed on the ALBs to protect against common web exploits. AWS Global Accelerator is then used to provide static IP addresses and improve performance and availability for global users by directing traffic to the closest healthy endpoint (the ALBs in this case). Incorrect options: Using Network Load Balancers (NLBs) is incorrect because the application is HTTP, and ALBs offer more features for HTTP traffic. While WAF can be associated with NLBs via Gateway Load Balancer Endpoints, it's not the primary association for direct WAF protection on an HTTP application. Using Amazon CloudFront with Route 53 latency-based routing is incorrect because CloudFront is a CDN and while it improves performance by caching, it doesn't inherently provide static global IP addresses for the application itself in the same way Global Accelerator does for direct traffic routing. Also, deploying WAF on CloudFront is an option, but the question implies WAF protection closer to the application layer.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed