Which VPC configuration works while assuring the database is not available from the Internet?

You need to design a VPC for a web application consisting of an Elastic Load Balancer (ELB), a fleet of
web/application servers, and an RDS database. The entire infrastructure must be distributed over 2 availability
zones.
Which VPC configuration works while assuring the database is not available from the Internet?


A.
One public subnet for ELB one public subnet for the web-servers, and one private subnet for the database

B.
One public subnet for ELB two private subnets for the web-servers, two private subnets for RDS

C.
Two public subnets for ELB two private subnets for the web-servers and two private subnets for RDS

D.
Two public subnets for ELB two public subnets for the web-servers, and two public subnets for RDS





Khozi

Correct answer should be B. Subnets do not work over multiple AZs.

jigar

Why not C?

James

When you create an internet-facing ELB, it needs to reside in a public subnet. ELB failover should be configured via Route53 record sets, not subnets. We need one public subnet for ELB. It looks to me only B is the right choice.

James

Sorry for the typo. pubic = public, and vis = via.

Seth

The question is confusing. A can be a correct answer if the public and private subnets are in different availability zones, but it’s not clear if the availability zone requirement is meant for RDS. However, all the other options can be ruled out because the web servers cannot be in a private subnet (not accessible from the internet), and the RDS servers cannot be in a public subnet. A is the only choice here.

fcg

The answer is C.

The question says that it must be distributed over 2 availability zones. So if the application needed only public subnets you could get away with only 2. However, the database connection needs to be private, resulting in the creation of 2 more subnets.

Quote from AWS
“Each subnet must reside entirely within one Availability Zone and cannot span zones”

Reference
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPCSubnet

michjojo

C should be the correct one and the best practice.

Public subnet ELB talking to private subnet EC2 is confirmed below as well.

https://forums.aws.amazon.com/message.jspa?messageID=528818

hellokitty

No, this won’t work. If you create an Internet-facing ELB and try to add private subnets, you get this warning message:

“This is an Internet-facing ELB, but there is no Internet Gateway attached to the subnet you have just selected: subnet-74dc4111”

Also from the documentation of ELB in AWS Docs: The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes.

Kelvin Wong

For C or B, if the webservers are in private subnets and don’t have any public IP (or subnets), how would the ELB redirect traffic into them?

Dinesh

No need for a public IP while using ELB.

venkat sai

ELB will not work properly if only instances in a private subnet are attached; public subnets should also be attached to the ELB, ensuring they are in the same availability zone (private subnet and public subnet). The private instances launched from the subnet should also have a public subnet in the same availability zone.

The answer is C.

Flight

If ELB can span multiple availability zones and AWS configures the ELB service for high availability, then why would I need 2 subnets for the ELB? The correct answer is B.

Nev

Sorry I meant B. The answer is B.

Venkat Rangamani

Here is a snippet from http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/setting-up-elb.html

Subnets for Your Load Balancer

To ensure that your load balancer can scale properly, verify that each subnet for your load balancer has a CIDR block with at least a /27 bitmask (for example, 10.0.0.0/27) and has at least 8 free IP addresses. Your load balancer uses these IP addresses to establish connections with the back-end instances.

Create a subnet in each Availability Zone where you want to launch instances. Depending on your application, you can launch your instances in public subnets, private subnets, or a combination of public and private subnets. A public subnet has a route to an Internet gateway. Note that default VPCs have one public subnet per Availability Zone by default.

When you create a load balancer, you must attach one or more public subnets to the load balancer. If your instances are in private subnets, create public subnets in the same Availability Zones as the subnets with your instances; you will attach these public subnets to the load balancer.
—–

A couple of things stand out – we need 2 ELBs (one per AZ) so that eliminates A and B. Option D is also not okay since that one puts RDS in a public subnet which violates the requirement of “assuring the database is not available from the Internet”. Therefore C is the right answer.

Sandeep

Answer can be B or C depending on the assumption we take into account.

If we have Route53 as DNS server then we can go for C because Route53 can failover to second ELB if first ELB AZ fails.

If we don’t take Route53 as DNS then B is right answer.

happydays

Can anyone explain, if the answer is “C”, how the webservers will be able to communicate if they are in private subnets?

RZ

Through a NAT gateway

sridhar

I think the answer can be C.
There should be 2 Public subnets for Load balancer – for failover.

2 private subnets for web servers and RDS within the same VPC will have access to the public load balancer.

Though C &amp; D are correct, C is more appropriate because EC2 and RDS can be in a private subnet.

JK

C is correct.

The ELB must have a corresponding public subnet for each AZ that the private subnets are in. So if you have two private subnets, one in AZ A and one in AZ B. You need a public subnet in each A and B for the ELB to be able to communicate with the web-servers in the private subnets.

From AWS, “When you create a load balancer, you must add one or more public subnets to the load balancer. If your instances are in private subnets, create public subnets in the same Availability Zones as the subnets with your instances; you will add these public subnets to the load balancer.”

Ankit Shah

Answer is C. During ELB creation, it asks which public subnets the traffic should flow through; once that is done, they will communicate with the webservers placed in a private subnet in each zone. This is a very common pattern.

YUK

Answer – C

It is recommended to have your web tier and DB tier in private subnets.

Viva

Answer is A, as you cannot put your Database in Public subnet.

RZ

Answer is definitely C.

2 public subnets for ELB

2 web servers in 2 private subnets, with a NAT gateway for their outbound internet connectivity.

2 private subnets for RDS

And in each case the subnets are in two zones, thus satisfying the question.

Emiliog

NAT is just for outbound connectivity; it doesn’t allow inbound traffic. You can’t put a webserver behind NAT.

BDA

C, the ELB will communicate with the private subnet containing Apache, and the private subnet with RDS.

SRI

So what is the right answer for this?

Carl

C is the correct answer. It is not only possible to put the webservers in a private subnet, it’s best practice. It should only allow traffic ingress from the ELB. The webservers can reach the internet through NAT, but the webservers should never be accessible from the internet directly.
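The design the thread converges on (public subnets for the ELB in every AZ that holds targets, web servers in private subnets with a NAT route out and ingress only from the load balancer, RDS in private subnets with no route to an Internet Gateway and not publicly accessible) can be checked mechanically. The following Python audit is an added example, not code from the page or from AWS; it uses a simplified model of what `aws ec2 describe-subnets`, `describe-route-tables` and `describe-security-groups` return, and every subnet, route table, gateway and security group identifier below is constructed sample data rather than from a real account. It runs the same checks against option C, option B (one public subnet for the ELB) and option D (everything in public subnets) to show which requirements each one breaks.

```python
"""Audit a VPC layout for: ELB in public subnets covering every target AZ,
web tier private behind the ELB, database private and unreachable from the Internet."""
from dataclasses import dataclass


@dataclass
class Subnet:
    az: str      # availability zone
    rtb: str     # id of the route table associated with this subnet


@dataclass
class RouteTable:
    routes: dict  # destination CIDR -> target ("local", "igw-...", "nat-...")


@dataclass
class SecurityGroup:
    ingress: list  # (port, source); source is a CIDR or another security group id


@dataclass
class Vpc:
    subnets: dict
    route_tables: dict
    sgs: dict

    def is_public(self, subnet_id):
        # A subnet is public when its route table has any route to an Internet Gateway.
        rtb = self.route_tables[self.subnets[subnet_id].rtb]
        return any(t.startswith("igw-") for t in rtb.routes.values())

    def has_nat_default(self, subnet_id):
        # Private instances reach the Internet outbound only via a NAT default route.
        rtb = self.route_tables[self.subnets[subnet_id].rtb]
        return rtb.routes.get("0.0.0.0/0", "").startswith("nat-")

    def azs(self, subnet_ids):
        return {self.subnets[s].az for s in subnet_ids}


def audit(vpc, elb_subnets, web_subnets, db_subnets, elb_sg, web_sg, db_sg, db_public):
    """Return a list of findings; an empty list means the layout satisfies every check."""
    findings = []
    # ELB: Internet-facing nodes need public subnets, one in each AZ where targets live.
    for s in elb_subnets:
        if not vpc.is_public(s):
            findings.append(f"ELB subnet {s} has no route to an Internet Gateway")
    for az in sorted(vpc.azs(web_subnets) - vpc.azs(elb_subnets)):
        findings.append(f"web servers in {az} but no ELB subnet in that AZ")
    # Web tier: private, NAT for outbound, ingress only from the ELB's security group.
    for s in web_subnets:
        if vpc.is_public(s):
            findings.append(f"web subnet {s} is public")
        if not vpc.has_nat_default(s):
            findings.append(f"web subnet {s} has no NAT route for outbound traffic")
    for port, src in vpc.sgs[web_sg].ingress:
        if src != elb_sg:
            findings.append(f"web SG allows {port} from {src}, expected only {elb_sg}")
    # Database: private subnets, not publicly accessible, ingress only from the web SG.
    for s in db_subnets:
        if vpc.is_public(s):
            findings.append(f"DB subnet {s} is public")
    if db_public:
        findings.append("RDS instance is PubliclyAccessible")
    for port, src in vpc.sgs[db_sg].ingress:
        if src != web_sg:
            findings.append(f"DB SG allows {port} from {src}, expected only {web_sg}")
    # Every tier must span two availability zones (a subnet cannot span AZs).
    for tier, subs in (("ELB", elb_subnets), ("web", web_subnets), ("DB", db_subnets)):
        if len(vpc.azs(subs)) < 2:
            findings.append(f"{tier} tier spans {len(vpc.azs(subs))} AZ, need 2")
    return findings


# Constructed sample VPC (hypothetical ids): two AZs, public/private/db subnets in each.
ROUTE_TABLES = {
    "rtb-public": RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0a1b2c"}),
    "rtb-priv-a": RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-aaaa01"}),
    "rtb-priv-b": RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-bbbb02"}),
    "rtb-db":     RouteTable({"10.0.0.0/16": "local"}),  # no default route at all
}
SUBNETS = {
    "pub-a": Subnet("us-east-1a", "rtb-public"), "pub-b": Subnet("us-east-1b", "rtb-public"),
    "web-a": Subnet("us-east-1a", "rtb-priv-a"), "web-b": Subnet("us-east-1b", "rtb-priv-b"),
    "db-a":  Subnet("us-east-1a", "rtb-db"),     "db-b":  Subnet("us-east-1b", "rtb-db"),
}
SGS = {
    "sg-elb":     SecurityGroup([(443, "0.0.0.0/0")]),
    "sg-web":     SecurityGroup([(80, "sg-elb")]),
    "sg-db":      SecurityGroup([(3306, "sg-web")]),
    "sg-db-open": SecurityGroup([(3306, "0.0.0.0/0")]),  # the anti-pattern
}
VPC = Vpc(SUBNETS, ROUTE_TABLES, SGS)


def option_c():
    return audit(VPC, ["pub-a", "pub-b"], ["web-a", "web-b"], ["db-a", "db-b"],
                 "sg-elb", "sg-web", "sg-db", db_public=False)


def option_b():  # one public subnet for the ELB, other tiers still in two AZs
    return audit(VPC, ["pub-a"], ["web-a", "web-b"], ["db-a", "db-b"],
                 "sg-elb", "sg-web", "sg-db", db_public=False)


def option_d():  # everything in the public subnets, DB reachable from the Internet
    return audit(VPC, ["pub-a", "pub-b"], ["pub-a", "pub-b"], ["pub-a", "pub-b"],
                 "sg-elb", "sg-web", "sg-db-open", db_public=True)


if __name__ == "__main__":
    for name, fn in (("C", option_c), ("B", option_b), ("D", option_d)):
        print(f"Option {name}: {fn() or ['OK']}")
```

Option C produces no findings. Option B fails because the web servers in the second AZ have no load balancer subnet there and the ELB tier covers only one AZ; option D fails on the web subnets being public (and lacking a NAT route), on both database subnets being public, on the `PubliclyAccessible` flag and on the database security group being open to 0.0.0.0/0. Against a real account the same logic would be fed from the `describe-*` JSON and `aws rds describe-db-instances` (`PubliclyAccessible`) rather than the constructed dictionaries above.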

NikiHeat

A: – architecture-wise it looks good, but the requirement is to distribute traffic in 2 availability zones.
B: – if we create the LB in only one public subnet, then how will the traffic go to the private subnet of the servers in a different availability zone?
C: – correct, we need two public subnets to transfer traffic into two private subnets.
D: – not good, we don’t keep RDS in public subnets.

C is correct.

cloud

Answer is C

While using ELB for web applications, ensure that you place all other EC2 instances in private subnets wherever possible. Except where there is an explicit requirement for instances requiring outside world access and Elastic IP attached, place all the instances in private subnets only. In the Amazon VPC environment, only ELBs must be in the public subnet as secure practice.

You will need to select a Subnet for each Availability Zone where you wish traffic to be routed by your load balancer. If you have instances in only one Availability Zone, please select at least two Subnets in different Availability Zones to provide higher availability for your load balancer.

nosoul

RDS in private subnet, so D is incorrect.
Must be distributed over 2 AZs, so A and B are incorrect.
ELB creates two load balancer nodes at launch.
If you provide two subnets in different AZs, ELB will launch one node in each AZ.
If you provide one subnet, ELB will launch two nodes in the AZ of your subnet.

Sam T

C. Two public subnets for ELB, two private subnets for the web-servers and two private subnets for RDS (Multi-AZ deployment).
Need 2 subnets for each (Multi-AZ); ELB has to be in public, DB in private. If the web server is behind ELB it should/can be in private.

A is definitely wrong.