You are designing a system that has a Bastion host. This component needs to be highly available without
human intervention.
Which of the following approaches would you select?
A. Run the bastion on two instances, one in each AZ.
B. Run the bastion on an active instance in one AZ and have an AMI ready to boot up in the event of failure.
C. Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1.
D. Configure an ELB in front of the bastion instance.
C
A and C are both correct.
C
C is more correct. You want it to be highly available; A requires manual intervention.
But in option C the min and max size of instances is 1, then what is the use of autoscaling?
It will ensure there is always 1 healthy instance. If the health check fails, it will be terminated and a new one spun up.
Option C is correct. A is wrong. Why are they just running two instances in two AZs without any connection between them?
A is correct. You have two bastion hosts, with two EIPs, and you can set Route53 to route to the same nameserver.
Answer C is wrong and tricky.
When a machine dies and the other is created, how do you assign the right EIP? What EIP will be assigned? With Autoscaling you cannot assign a chosen EIP, so how do you connect to that bastion host?
You need to do scripting on each machine, and it is kind of tricky:
https://forums.aws.amazon.com/message.jspa?messageID=248764
Answer is: C
The tricky part is to make sure the same Elastic IP gets configured for the newly created instance in case of instance failure.
————————————————————————–
Elastic IP addresses are associated with the bastion instances to make it easier to remember and allow these IP addresses from on-premises firewalls. If an instance is terminated and the Auto Scaling group launches a new instance in its place, the existing Elastic IP addresses are re-associated with the new instances. This ensures that the same trusted Elastic IP addresses are used at all times.
Link: http://docs.aws.amazon.com/quickstart/latest/linux-bastion/architecture.html
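
Added example, not part of any comment in this thread and not AWS's own Quick Start code: one way a replacement bastion launched by a min-size 1 / max-size 1 Auto Scaling group can reclaim the fixed Elastic IP at boot, so the address allowlisted on on-premises firewalls stays the same. The allocation ID is a placeholder, the script name and `--boot` switch are hypothetical, and the instance role is assumed to allow `ec2:AssociateAddress` and `ec2:DescribeAddresses`.

```shell
#!/bin/sh
# Added example: boot-time script for a bastion in a min-size 1 / max-size 1
# Auto Scaling group. It re-attaches one fixed Elastic IP to whichever
# replacement instance the group launches.
# Assumptions: EIP_ALLOCATION_ID is a placeholder for your allocation ID;
# the instance role allows ec2:AssociateAddress and ec2:DescribeAddresses.
set -eu

EIP_ALLOCATION_ID="${EIP_ALLOCATION_ID:-eipalloc-EXAMPLE}"
IMDS="http://169.254.169.254/latest"

# Read one instance-metadata value using an IMDSv2 session token.
imds_get() {
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

# Associate the EIP with this instance, retrying failed API calls.
# --allow-reassociation permits moving the address even if it is still
# associated with another instance.
claim_eip() {
  instance_id=$1; region=$2; attempts=${3:-5}; delay=${4:-5}; i=1
  while [ "$i" -le "$attempts" ]; do
    if aws ec2 associate-address --region "$region" \
         --instance-id "$instance_id" \
         --allocation-id "$EIP_ALLOCATION_ID" \
         --allow-reassociation >/dev/null; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# Print the instance ID that currently holds the EIP.
eip_owner() {
  aws ec2 describe-addresses --region "$1" \
    --allocation-ids "$EIP_ALLOCATION_ID" \
    --query 'Addresses[0].InstanceId' --output text
}

main() {
  id=$(imds_get instance-id)
  region=$(imds_get placement/region)
  claim_eip "$id" "$region"
  [ "$(eip_owner "$region")" = "$id" ]   # fail the boot script if not ours
}

# Functions only unless invoked as: claim-eip.sh --boot (hypothetical name)
case "${1:-}" in --boot) main ;; esac
```

Scoping the role's `ec2:AssociateAddress` permission to this one allocation keeps a compromised bastion from moving other addresses in the account.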
The correct answer is A.
C is correct.
A is correct, you want Route53 health checks to determine which Bastion host to use, per the cloud guru course.
C
C
Without knowing how many AZs are in the region, A may not be the best answer; I will prefer C instead.
None is right; they are missing elements, like a Route 53 health check.
C and D would work together.