Secure and Scalable Migration to DynamoDB | AWS Certified Solutions Architect

Migrating to DynamoDB and Ensuring Secure Communication


Question

You have an existing application that runs on premises and currently uses a non-relational database.

Your team has decided to move the application to the cloud environment and the database to DynamoDB to use some of its features like scaling and data streaming.

Per the management outline, after migration all communication between the application and DynamoDB must be secure and scalable, as the load will increase in the near future.

EC2 instances should use their private IP addresses to access DynamoDB with no exposure to the public internet.

What combinations can be used to design the migration and the post-migration activities, including the secure connection to DynamoDB? Select three options.

Answers

Explanations


Correct Answer: A, D, and E.

Option A is CORRECT because the question asks about migrating the application to AWS, so EC2 would be the best fit here.

Option B is INCORRECT because VPC gateway endpoints should be used.

Option C is INCORRECT because VPC endpoints are only accessible from EC2 instances inside a VPC.

If you are running the application on premises, you will have to route its traffic through a proxy that redirects to a VPC-based resource and then on to the endpoint.

Option D is CORRECT because an Auto Scaling group can dynamically scale the EC2 instances to maintain steady performance.

In response to actual traffic patterns, Amazon DynamoDB auto scaling can dynamically adjust provisioned throughput capacity on your behalf.

Option E is CORRECT because VPC Endpoints provide a secure link to access the AWS resources from a VPC.

Please check the reference in https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html.
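One way to check the requirement in the question (subnets reach DynamoDB through a gateway endpoint route and have no default route to the internet), as an added example that is not part of the original page. The data is constructed in the shape of EC2 DescribeVpcEndpoints and DescribeRouteTables output, and every ID and function name is a hypothetical placeholder.

```python
# Constructed sample data in the shape of DescribeVpcEndpoints / DescribeRouteTables
# responses; every ID below is a made-up placeholder.
VPC_ENDPOINTS = [{
    "VpcEndpointId": "vpce-0example", "VpcEndpointType": "Gateway",
    "ServiceName": "com.amazonaws.us-east-1.dynamodb", "State": "available",
    "RouteTableIds": ["rtb-private"],
}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-app-a"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-0example"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-app-b"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]

def dynamodb_gateway_endpoints(endpoints):
    """IDs of available gateway endpoints for the DynamoDB service."""
    return {e["VpcEndpointId"] for e in endpoints
            if e["VpcEndpointType"] == "Gateway"
            and e["ServiceName"].endswith(".dynamodb")
            and e["State"].lower() == "available"}

def audit_subnets(route_tables, endpoints):
    """Map each subnet to a list of findings; an empty list means it passes."""
    ddb = dynamodb_gateway_endpoints(endpoints)
    report = {}
    for rt in route_tables:
        routes = rt["Routes"]
        findings = []
        if not any(r.get("GatewayId") in ddb and "DestinationPrefixListId" in r for r in routes):
            findings.append("no route to a DynamoDB gateway endpoint")
        for r in routes:
            target = r.get("GatewayId", "") or r.get("NatGatewayId", "")
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and target.startswith(("igw-", "nat-")):
                findings.append(f"default route to the internet via {target}")
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                report[assoc["SubnetId"]] = findings
    return report

if __name__ == "__main__":
    for subnet, findings in audit_subnets(ROUTE_TABLES, VPC_ENDPOINTS).items():
        print(subnet, "OK" if not findings else findings)
```

Against a real account, the two lists would come from the corresponding EC2 describe calls instead of the constructed literals.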


The scenario presented in this question involves migrating an existing application that uses a non-relational database to the cloud environment and specifically to DynamoDB. The goal is to take advantage of DynamoDB's scaling and data streaming capabilities. Additionally, the management outline specifies that all communication between the application and DynamoDB must be secure and scalable.

To achieve this, we need to consider a few different aspects of the migration and post-migration activities. These might include things like network connectivity, security, scalability, and more.

Let's go through each answer option in turn to see how they fit into the overall picture.

Option A: Migrate the on-premises application to AWS EC2

Migrating the on-premises application to AWS EC2 could be a valid option, depending on the specific requirements of the application. However, it's worth noting that this option alone doesn't address the requirement for secure and scalable communication with DynamoDB. It's possible that some additional steps would be required to achieve this.

Option B: Use the HTTP endpoint of DynamoDB to make sure all communication is secure

This option is not correct. While it is true that DynamoDB provides an HTTPS endpoint for secure communication, this alone does not guarantee that all communication is secure. There are other factors to consider, such as authentication and authorization, that are necessary to ensure the security of the overall system.

Option C: Connect your on-premises network to AWS using VPN to access DynamoDB via VPC endpoints

This option is a strong possibility. By using a VPN connection to connect the on-premises network to the VPC hosting DynamoDB, it's possible to ensure that all communication is secure and private. This can also be done using VPC peering if the on-premises network is on another VPC. Additionally, by using VPC endpoints to access DynamoDB, it's possible to ensure that the communication remains within the AWS network, which can help improve performance and reduce latency.

Option D: Host the application in an Auto Scaling group and enable Amazon DynamoDB auto-scaling

This option is also a strong possibility. By hosting the application in an Auto Scaling group and enabling DynamoDB auto-scaling, it's possible to ensure that the system is scalable and can handle increasing load over time. Additionally, by using DynamoDB auto-scaling, it's possible to ensure that the capacity of the database scales up or down automatically based on the actual usage of the system, which can help reduce costs.

Option E: Use the VPC gateway endpoint to connect with your DynamoDB

This option is also correct. By using the VPC gateway endpoint, it's possible to access DynamoDB securely without exposing it to the public internet. This can help improve security and ensure that all communication remains within the AWS network. It's worth noting that this option may not be as performant as using VPC endpoints, as traffic may need to traverse the internet to reach the gateway endpoint.

In summary, the three correct answer options for designing the migration and post-migration activities, including the secure connection to DynamoDB, are: