High Availability Web Application with Elastic Load Balancer and Auto Scaling | Network Design

Network Design


Question

You have a requirement to host a web-based application with high availability.

So you create an Elastic Load Balancer and place the Auto Scaling group behind the Elastic Load Balancer.

You need to ensure that users only access the application via the DNS name of the load balancer instead of the EC2 public IP addresses.

How would you design the network part of the application? Choose 2 answers from the options below.

Answers

Explanations


A. B. C. D.

Answer - A and D.

The AWS Documentation mentions the following.

Use Case: A load balancer, two public subnets, two private subnets, two NAT Gateways,

The NAT Gateway goes into both public subnets (Public-Subnet-A, Public-Subnet-B).

The EC2 instances are launched in private subnets across two AZs (Private-Subnet-A, Private-Subnet-B).

The Route Table Private-Subnet-A points to the NAT Gateway in Public-Subnet-A. The Route Table Private-Subnet-B points to the NAT Gateway in Public-Subnet-B. If one of the AZs should fail, then the EC2 instances in the remaining private subnet will still communicate with the Internet because they have their own NAT Gateway in that AZ.

Option B is incorrect since the ELB needs to be placed in the public subnet to access the Internet.

Option C is incorrect because the Auto Scaling groups should be placed in the private subnets for security and the question also requires that users cannot access the application through the public IP addresses of the instances.
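The layout described above can be checked mechanically. The following is an added example, not taken from the AWS documentation or from this page's source: a small audit over a constructed description of the VPC. The data structure, the IDs (igw-1, nat-a, nat-b, i-1) and the AZ labels are assumptions made for illustration and are not real AWS API output.

```python
# Constructed sample layout (hypothetical IDs), not real AWS API output.
GOOD = {
    "subnets": {  # subnet name -> (AZ, target of its default route)
        "Public-Subnet-A": ("az-a", "igw-1"),
        "Public-Subnet-B": ("az-b", "igw-1"),
        "Private-Subnet-A": ("az-a", "nat-a"),
        "Private-Subnet-B": ("az-b", "nat-b"),
    },
    "nat_gateways": {"nat-a": "Public-Subnet-A", "nat-b": "Public-Subnet-B"},
    "elb_subnets": ["Public-Subnet-A", "Public-Subnet-B"],
    "asg_subnets": ["Private-Subnet-A", "Private-Subnet-B"],
    "instances": [{"id": "i-1", "subnet": "Private-Subnet-A", "public_ip": None}],
}

def audit(layout):
    """Return a list of findings; an empty list means the layout matches the design."""
    subnets, nats = layout["subnets"], layout["nat_gateways"]
    findings = []
    # A subnet counts as public when its default route targets an internet gateway.
    is_public = lambda s: subnets[s][1].startswith("igw-")
    # Load balancer: every subnet needs an internet gateway route, across 2+ AZs.
    for s in layout["elb_subnets"]:
        if not is_public(s):
            findings.append(f"ELB subnet {s} has no internet gateway route")
    if len({subnets[s][0] for s in layout["elb_subnets"]}) < 2:
        findings.append("ELB spans fewer than two AZs")
    # Auto Scaling group: private subnets only, each using a NAT gateway in its own AZ.
    for s in layout["asg_subnets"]:
        az, target = subnets[s]
        if is_public(s):
            findings.append(f"ASG subnet {s} is public")
        elif target not in nats or subnets[nats[target]][0] != az:
            findings.append(f"ASG subnet {s} does not route to a NAT gateway in {az}")
    # Instances must not be directly addressable from the internet.
    for inst in layout["instances"]:
        if inst["public_ip"]:
            findings.append(f"instance {inst['id']} has public IP {inst['public_ip']}")
    return findings

if __name__ == "__main__":
    print(audit(GOOD) or "layout matches the design")
```

The cross-AZ NAT check matters for the failure case above: a private subnet that routes through the other AZ's NAT Gateway loses outbound access when that AZ fails.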

For an example of using the load balancer in this way, see the URL below:

https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/

To host a web-based application with high availability, it is a best practice to use an Elastic Load Balancer (ELB) and an Auto Scaling group together. An ELB distributes incoming traffic across multiple instances in multiple Availability Zones (AZs) within the same region to achieve high availability. An Auto Scaling group automatically adjusts the number of running instances in response to changes in demand for the application.

To ensure that users only access the application via the DNS name of the load balancer instead of the EC2 public IP addresses, we need to design the network part of the application properly.

Option A: Configure 2 public subnets for the Elastic Load Balancer. An ELB needs to be deployed in public subnets to allow access from the internet. By configuring 2 public subnets for the ELB, we can achieve high availability in case of failure in one subnet. However, this option alone does not ensure that users only access the application via the DNS name of the load balancer.

Option B: Configure 2 private subnets for the Elastic Load Balancer. It is not recommended to deploy an ELB in private subnets as it requires internet access for incoming traffic. However, if we use a VPN or Direct Connect to access the VPC, then we can deploy the ELB in private subnets. This option alone does not ensure that users only access the application via the DNS name of the load balancer.

Option C: Configure 2 public subnets for the Auto Scaling group. An Auto Scaling group needs to be deployed in private subnets to ensure that the instances are not exposed to the internet. By configuring 2 public subnets for the Auto Scaling group, we cannot achieve this goal. Also, this option alone does not ensure that users only access the application via the DNS name of the load balancer.

Option D: Configure 2 private subnets for the Auto Scaling group. This is the correct option. To ensure that the instances are not exposed to the internet, an Auto Scaling group needs to be deployed in private subnets. By configuring 2 private subnets for the Auto Scaling group, we can achieve high availability in case of failure in one subnet. Also, we can use a NAT Gateway to allow instances to connect to the internet for updates and patches. Finally, by placing the ELB in the public subnets, we can ensure that users only access the application via the DNS name of the load balancer.

Therefore, the correct answers are B and D.