Best Practices for Addressing Connectivity Problems with AWS Application Load Balancer
Question
Your company has set up an application load balancer and various targets behind the ALB.
But there are continuous problems at times wherein clients cannot connect to the ALB because of the whitelisting required to be done by the IT Security department.
What changes can be made to the architecture to alleviate this problem?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
Since the IP of the Application Load balancer keeps on changing, the workaround is to have a Network Load balancer in front of the ALB.
An elastic IP is then assigned to the Network Load balancer and in this way, the IP address won't change.
Options A and B are incorrect because you can't assign IP addresses to Application Load Balancers.
Option D is incorrect because it needs to be the other way around.
For more information on this scenario, one can visit the below URL.
https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/In this scenario, the IT Security department has implemented a whitelist which is causing clients to be unable to connect to the Application Load Balancer (ALB). The architecture needs to be modified to resolve this issue.
Option A: Assign a public IP to the Application Load Balancer Assigning a public IP address to the ALB would allow clients to bypass the IT Security whitelist and connect directly to the ALB. However, this solution may compromise the security of the network and is not recommended.
Option B: Assign an Elastic IP to the Application Load Balancer Assigning an Elastic IP (EIP) to the ALB would provide a static IP address that can be used for whitelisting. However, this solution does not address the issue of clients being unable to connect to the ALB due to the whitelist.
Option C: Place a Network Load Balancer in front of the ALB Placing a Network Load Balancer (NLB) in front of the ALB would allow traffic to be directed to the ALB while still providing the option to whitelist traffic at the NLB. This solution would require additional resources and configuration.
Option D: Place a Network Load Balancer behind the ALB Placing a Network Load Balancer (NLB) behind the ALB would allow traffic to be directed to the NLB first, where whitelist rules can be applied before directing traffic to the ALB. This solution would require additional resources and configuration.
In conclusion, Option C and Option D are both valid solutions to address the problem of clients being unable to connect to the ALB due to the whitelist. However, the choice of which solution to use would depend on the specific requirements and constraints of the network architecture.
