Your company hosts a social media website for storing and sharing documents. The web
application allows users to upload large files, pausing and resuming the upload as needed.
Currently, files are uploaded to your PHP front end, backed by Elastic Load Balancing and an
Auto Scaling fleet of Amazon Elastic Compute Cloud (EC2) instances that scale on the average of
bytes received (NetworkIn). After a file has been uploaded, it is copied to Amazon Simple Storage
Service (S3). Amazon EC2 instances use an AWS Identity and Access Management (IAM) role
that allows Amazon S3 uploads. Over the last six months, your user base and scale have
increased significantly, forcing you to increase the Auto Scaling group’s Max parameter a few
times. Your CFO is concerned about rising costs and has asked you to adjust the architecture
where needed to better optimize costs. Which architecture change could you introduce to reduce
costs and still keep your web application secure and scalable?
A. Replace the Auto Scaling launch configuration to include c3.8xlarge instances; those instances
can potentially yield a network throughput of 10 Gbps.
B. Re-architect your ingest pattern, have the app authenticate against your identity provider, and use
your identity provider as a broker fetching temporary AWS credentials from AWS Secure Token
Service (GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your app.
Implement client-side logic to directly upload the file to Amazon S3 using the given credentials
and S3 prefix.
C. Re-architect your ingest pattern, and move your web application instances into a VPC public
subnet. Attach a public IP address for each EC2 instance (using the Auto Scaling launch
configuration settings). Use an Amazon Route 53 round-robin record set and HTTP health check to
DNS load balance the app requests; this approach will significantly reduce the cost by bypassing
Elastic Load Balancing.
D. Re-architect your ingest pattern, have the app authenticate against your identity provider, and use
your identity provider as a broker fetching temporary AWS credentials from AWS Secure Token
Service (GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your app.
Implement client-side logic that uses the S3 multipart upload API to directly upload the file to
Amazon S3 using the given credentials and S3 prefix.
D
a. Replace the Auto Scaling launch configuration to include c3.8xlarge instances; those instances can potentially yield a network throughput of 10 Gbps. (no info of current size and might increase cost)
b. Re-architect your ingest pattern, have the app authenticate against your identity provider as a broker fetching temporary AWS credentials from AWS Secure Token Service (GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your app. Implement client-side logic to directly upload the file to Amazon S3 using the given credentials and S3 prefix. (will not provide the ability to handle pause and restarts)
c. Re-architect your ingest pattern, and move your web application instances into a VPC public subnet. Attach a public IP address for each EC2 instance (using the Auto Scaling launch configuration settings). Use Amazon Route 53 round-robin record set and HTTP health check to DNS load balance the app requests; this approach will significantly reduce the cost by bypassing Elastic Load Balancing. (ELB is not the bottleneck)
d. Re-architect your ingest pattern, have the app authenticate against your identity provider as a broker fetching temporary AWS credentials from AWS Secure Token Service (GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your app. Implement client-side logic that used the S3 multipart upload API to directly upload the file to Amazon S3 using the given credentials and S3 prefix. (multipart allows one to start uploading directly to S3 before the actual size is known or complete data is downloaded)
Correct answer is D