A company is deploying a multi-tier web application across two AWS Regions. The application uses an Application Load Balancer (ALB) in each region, and traffic must be distributed to the closest healthy ALB using Route 53 latency-based routing. The application requires that clients maintain the same source IP address when the request is forwarded from the ALB to the backend targets. The backend targets are EC2 instances in private subnets. The company also needs to ensure that traffic between the ALB and targets stays within AWS. What should the company implement to meet these requirements?
- A. Deploy a Network Load Balancer (NLB) in each region with targets in public subnets. Use Route 53 latency-based routing to the NLB.
  Why wrong: NLB does not preserve source IP by default and targets in public subnets do not keep traffic within AWS.
- B. Deploy an internal ALB in each region. Place targets in private subnets. Use VPC endpoints for the ALB (AWS PrivateLink) and Route 53 latency-based routing to the VPC endpoint.
  Why correct: Internal ALB with VPC endpoints keeps traffic within AWS and preserves source IP.
- C. Deploy an Application Load Balancer (ALB) with internet-facing scheme in each region. Use Route 53 latency-based routing to the ALB.
  Why wrong: Internet-facing ALB does not keep traffic within AWS and may not preserve source IP for targets in private subnets.
- D. Use AWS Global Accelerator with endpoints in each region. Attach the ALB as an endpoint and enable client IP preservation on the accelerator.
  Why wrong: Global Accelerator does not preserve source IP for ALB endpoints; it preserves source IP only for NLB endpoints.
- E. Deploy an ALB with internet-facing scheme in each region. Use Route 53 latency-based routing to the ALB. Place targets in public subnets to preserve source IP.
  Why wrong: Targets in public subnets are not recommended and traffic does not stay within AWS.