Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 34 discussion

Path based routing is not required here. Requirement is "Traffic must be able to flow to the application from other AWS accounts over private connectivity. " - which is a case for PrivateLink. It is option D)

Correct answer is: D B - You cannot create a service endpoint for an ALB Endpoint services require either a Network Load Balancer or a Gateway Load Balancer. The load balancer receives requests from service consumers and routes them to your service. https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html You can have the ALB behind the NLB but not directly as a service endpoint

Network Load Balancer: NLBs are not designed for application-level traffic management and might not provide the required features for this scenario.

VPC service endpoint using NLB. D is correct.

Choosing an Application Load Balancer (ALB) is suitable for handling SSL connections and path-based routing, providing flexibility in directing traffic to different containers based on paths. Creating path-based routing rules allows the application to target specific containers within the ECS service. Creating a VPC endpoint service for the ALB allows other AWS accounts to access the ALB over private connectivity. Sharing the VPC endpoint service enables traffic from other AWS accounts to flow to the ALB securely.

I think that it's answer is D according to SPOTO products.

I think that it's correcty answer is D.

seems B *Create a target group for the tasks and define it as a listener target in an Application Load Balancer (ALB). Configure the ALB with SSL certificates for the secure connections. Yes, it is possible to use a VPC endpoint with an Application Load Balancer (ALB). A VPC endpoint allows private connectivity between resources in your VPC and another AWS service without requiring access over the public internet or NAT. Specifically, you can configure a VPC endpoint for services like API Gateway, S3, DynamoDB etc. and then associate that endpoint with a target group of your ALB. The ALB can then forward traffic privately to those services. https://repost.aws/questions/QUTXcNxnAuRo-YvGdOoKGy2g/can-an-application-load-balancer-invoke-an-api-gateway-http-api-via-a-vpc-endpoint-interface

Correct answer is D.

D is the correct option

this is to exposing the service from ECS(provider) to other consumers, using NLB make sense to be used with private link, hence D

"Traffic must be able to flow to the application from other AWS accounts over private connectivity." You don't want to peer the whole VPC just for exposing a service. You can't create a endpoint service with an ALB. -> D

C and D seem close to the answer, but if I have to choose one, D is Correct The question said that SSL communication between containers is necessary, and the end of SSL communication becomes Container, which means that there is a high possibility that ELB will not off-load In the end, in the case of C, ALB cannot see the decrypted packet, so the URL included in the payload is unknown, and URL-based routing is not possible Therefore, the closest view to the correct answer is D

No reason to use ALB, SSL != HTTPS, while SSL does not strictly require HTTP, it is typically used in conjunction with HTTP to create HTTPS but it isn't required.

B, since you need an ALB for SSL/TLS

B is the correct answer. Use ALB as an endpoint for NLB in VPC Endpoint service. https://aws.amazon.com/about-aws/whats-new/2021/09/application-load-balancer-aws-privatelink-static-ip-addresses-network-load-balancer/

CCCCCCCCC