AWS Advanced Networking Specialty Exam: Architecture Changes for Three-Tier Application

Optimizing Three-Tier Application Architecture for AWS Networking | ANS-C01 Exam


Question

You're working as a consultant for a company that has a three-tier application.

The application layer of this architecture sends over 20 Gbps of data during peak hours to and from Amazon S3.

Currently, you're running two NAT gateways in two subnets to transfer the data from your private application layer to Amazon S3.

You will also need to ensure that the instances receive software patches from a third-party repository without leaving the AWS network.

What architecture changes should be made, if any?

Answers

A. Add another NAT gateway
B. Add a VPC endpoint
C. Add an Internet gateway for better throughput
D. Add a VPN connection for better throughput

Explanations

Answer - B.

The AWS Documentation mentions the following.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Instances in your VPC do not require public IP addresses to communicate with resources in the service.

Traffic between your VPC and the other service does not leave the Amazon network.

Option A is incorrect since the two NAT gateways already in place are sufficient.

The NAT gateway can scale up to 45 Gbps.

Option C is incorrect since the subnet needs to remain private.

Option D is incorrect because a VPN connection can degrade bandwidth.

For more information on VPC endpoints, see:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html

The current architecture has two NAT gateways that transfer data from the private application layer to Amazon S3. However, during peak hours the application layer sends over 20 Gbps of data, which may lead to a bottleneck in the network. Additionally, the instances need to receive software patches from a third-party repository without leaving the AWS network.

A. Add another NAT gateway: Adding another NAT gateway would increase the number of NAT gateways from two to three. However, this would not solve the problem of network congestion during peak hours. In fact, adding another NAT gateway may increase network complexity and costs.

B. Add a VPC endpoint: Adding a VPC endpoint allows the private application layer to communicate directly with Amazon S3 without going through the internet or NAT gateways. This would eliminate the bottleneck caused by the NAT gateways and provide better network performance. Additionally, a VPC endpoint can be used to access the third-party repository, which would allow the instances to receive software patches without leaving the AWS network.

C. Add an Internet gateway for better throughput: Adding an internet gateway would not solve the problem of network congestion during peak hours. Additionally, an internet gateway is used to connect a VPC to the internet and is not necessary for communicating with Amazon S3 or accessing a third-party repository.

D. Add a VPN connection for better throughput: Adding a VPN connection would not solve the problem of network congestion during peak hours. Additionally, a VPN connection is used to securely connect a VPC to an on-premises data center or remote network, and is not necessary for communicating with Amazon S3 or accessing a third-party repository.

Therefore, the recommended solution would be to add a VPC endpoint to enable direct communication between the private application layer and Amazon S3 and to access the third-party repository, which would provide better network performance and allow instances to receive software patches without leaving the AWS network.
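The change recommended above, written out as an added Terraform sketch that is not part of the question page or of any AWS sample: a gateway endpoint for S3 attached to the private route tables with an endpoint policy limited to the application bucket, an S3 bucket policy that rejects requests not arriving through that endpoint (a hardening step that goes beyond what the question asks for), and an interface endpoint to the patch repository, which assumes the vendor publishes the repository as an AWS PrivateLink endpoint service. The VPC, subnet, route table, security group and bucket identifiers, the region and the vendor service name are placeholders.

```hcl
# Added example, not from the exam page. Every identifier below is a placeholder.
variable "vpc_id"             { default = "vpc-EXAMPLE" }                          # assumption
variable "private_rt_ids"     { default = ["rtb-EXAMPLE-a", "rtb-EXAMPLE-b"] }     # private subnet route tables
variable "private_subnet_ids" { default = ["subnet-EXAMPLE-a", "subnet-EXAMPLE-b"] }
variable "app_sg_id"          { default = "sg-EXAMPLE-app" }                       # application tier SG
variable "bucket_name"        { default = "example-app-data" }                     # assumption
variable "region"             { default = "us-east-1" }
# Endpoint service name the repository vendor would publish via PrivateLink (placeholder).
variable "repo_service_name"  { default = "com.amazonaws.vpce.us-east-1.vpce-svc-PLACEHOLDER" }

# Gateway endpoint for S3: S3 traffic from the private subnets follows the
# endpoint's prefix-list route and never touches the NAT gateways.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_rt_ids
  policy            = data.aws_iam_policy_document.s3_endpoint.json
}

# Endpoint policy: only the application bucket is reachable through this
# endpoint, so the private path cannot be used to reach arbitrary buckets.
data "aws_iam_policy_document" "s3_endpoint" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::${var.bucket_name}",
      "arn:aws:s3:::${var.bucket_name}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
  }
}

# Bucket side: deny any request that did not arrive via the endpoint, so the
# bucket is unreachable from the internet even if credentials leak.
resource "aws_s3_bucket_policy" "vpce_only" {
  bucket = var.bucket_name
  policy = data.aws_iam_policy_document.bucket.json
}

data "aws_iam_policy_document" "bucket" {
  statement {
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [
      "arn:aws:s3:::${var.bucket_name}",
      "arn:aws:s3:::${var.bucket_name}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringNotEquals"
      variable = "aws:SourceVpce"
      values   = [aws_vpc_endpoint.s3.id]
    }
  }
}

# Security group on the interface endpoint: HTTPS, and only from the app tier.
resource "aws_security_group" "repo_endpoint" {
  name   = "repo-endpoint-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.app_sg_id]
  }
}

# Interface endpoint (PrivateLink) to the vendor's patch repository: one ENI
# per private subnet, so patches are pulled without an internet or NAT path.
resource "aws_vpc_endpoint" "patch_repo" {
  vpc_id              = var.vpc_id
  service_name        = var.repo_service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.repo_endpoint.id]
  private_dns_enabled = true # requires the vendor to have enabled private DNS on the service
}
```

Two caveats when applying this. The `aws:SourceVpce` deny also blocks operators working from the console or from outside the VPC, so add an exception for an administrative role (or drop that statement) before rolling it out. The interface endpoint only helps if the third party actually exposes the repository as a PrivateLink endpoint service; if it does not, patches still need a NAT or proxy path, and `private_dns_enabled` must be false when the vendor has not enabled private DNS, in which case the instances resolve the endpoint's own DNS name instead.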