Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 52 discussion

The correct answer is B. Provisioning an ALB, an Auto Scaling group, and EC2 instances in a different AWS region provides redundancy and failover capability for the application. By creating a second origin for the new ALB in the second region, the CloudFront distribution can automatically route traffic to the healthy origin in case of an issue with the primary origin. This ensures that the application remains highly available and fault-tolerant. Option A is not correct because it uses Route 53 failover records, which can result in increased latency and DNS resolution time for clients. Option C is not correct because it doesn't provide redundancy for the load balancer, which is a critical component of the application. Option D is not correct because it does not provide redundancy for the application in case of an issue with the primary origin in the first region.

For HA, always user second region but its there in all options. Here Cloudfront distribution multiple origin groups is the key point Solution Architects should know of. Configuring 2nd origin as ALB --> EC2 instances target group in another regions setup makes highly available. If Cloudfront detects that response is Http error (fault) code like 4XX,5XX etc, it will failover to secondary origin (ALB of another region) which makes this fault tolerant. Answer is B. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html

B. Provision an ALB, an Auto Scaling group, and EC2 instances in a different AWS Region. Update the CloudFront distribution, and create a second origin for the new ALCreate an origin group for the two origins. Configure one origin as primary and one origin as secondary.

This architecture is an active-active DR strategy. You would do it with R53 failover because R53 has healthchecks, and once the primary is down all requests go to the failover. With CloudFront failover, all requests would continue to hit the failed primary before being routed to the failover distribution, which increases latency and possibly compounds problems in the failed stack. Interestigly, the best solution would actually be a combination between A and B, as this blog post shows: https://aws.amazon.com/blogs/networking-and-content-delivery/improve-web-application-availability-with-cloudfront-and-route53-hybrid-origin-failover/

A is wrong because CloudFront distros can't be added to Route 53. B is correct C is wrong because ALBs are single region and don't do failover. D would work, but is overengineered in this context.

Option B is correct because it involves creating a redundant setup in another AWS Region with its own ALB, Auto Scaling group, and EC2 instances. By updating the CloudFront distribution to include a second origin for the new ALB and creating an origin group with primary and secondary origins, CloudFront can automatically route traffic to the secondary origin if the primary is unhealthy. This setup leverages CloudFront’s global reach to improve availability and fault tolerance without the need for DNS-level changes. Option A is not correct because it suggests creating a secondary deployment and updating the Route 53 A record to be a failover record with both CloudFront distributions as values. While Route 53 health checks and failover records can improve availability, CloudFront distributions themselves cannot be directly specified as values in A records for failover purposes. This option might lead to confusion in its implementation details.

Who the hell cooked this terrible question design. Usually, HA means single region, DR means cross region. The question is asking HA while all the answer are using cross region solutions. When Dynamic content is involved, the dynamic content has to be store in a persistent storage, while question says the dynamic content is store on the EC2 instances in an ASG, which means the EC2 instances are ephemeral. And when Dynamic content is involved, no matter HA or DR, a replication component must be built so that the Dynamic content will be replicated to the other side so that it can be available when the event happens. While, none of the answers mentions replication at all.

Not A. CloudFront is a global service, having two distributions will not increase fault-tolerance Not C. Single ALB is a single-point-of-failure and also you cannot have Target Group in a different region Not D. CloudFront is a global service, having two distributions will not increase fault-tolerance and combining CloudFront with AWS Global Accelerator makes no sense B is correct as provisioning an ALB, an Auto Scaling group, and EC2 instances in a different AWS region provides redundancy and failover capability for the application. The origin group is the right way to enable failover for CloudFront distributions origin

Not Create a second CloudFront Distribution, it's update the distribution with multi origins. Ref: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html#concept_origin_groups.creating "Make sure the distribution has more than one origin. If it doesn’t, add a second origin."

it's a B

Both A and B would work, but A is tangibly worse in terms of performing fail-over (because it relies on DNS) and gains you little, since CloudFront is highly available by its nature, making a second CF distribution doesn't improve your application's robustness.

Provision an ALB, an Auto Scaling group, and EC2 instances in a different AWS Region.

B is the best solution with very high availability (compared to the R53 failover solution)

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html

B looks good.

B is correct. C is not correct, because ALB is regional service, so ALB have to be added too.