Prev Question
Next Question

Your company hosts a social media website for storing and sharing documents. The web application allows
user to upload large files while resuming and pausing the upload as needed. Currently, files are uploaded to
your PHP front end backed by Elastic load Balancing and an autoscaling fleet of Amazon Elastic Compute
Cloud (EC2) instances that scale upon average of bytes received (NetworkIng). After a file has been uploaded,
it is copied to Amazon Simple Storage Service (S3). Amazon EC2 instances use an AWS Identity and Access
Management (IAM) role that allows Amazon S3 uploads. Over the last six months, your user base and scale
have increased significantly, forcing you to increase the Auto Scaling group’s Max parameter a few times. Your
CFO is concerned about rising costs and has asked you to adjust the architecture where needed to better
optimize costs.
Which architecture change could you introduce to reduce costs and still keep your web application secure and
scalable?

A.
Replace the Auto Scaling launch configuration to include c3.8xlarge instances; those instances can
potentially yield a network throuthput of 10gbps.

B.
Re-architect your ingest pattern, have the app authenticate against your identity provider, and use your
identity provider as a broker fetching temporary AWS credentials from AWS Secure Token Service
(GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your app. Implement clientside logic to directly upload the file to Amazon S3 using the given credentials and S3 prefix.

C.
Re-architect your ingest pattern, and move your web application instances into a VPC public subnet. Attach
a public IP address for each EC2 instance (using the Auto Scaling launch configuration settings). Use
Amazon Route 53 Round Robin records set and HTTP health check to DNS load balance the app requests;
this approach will significantly reduce the cost by bypassing Elastic Load Balancing.

D.
Re-architect your ingest pattern, have the app authenticate against your identity provider, and use your
identity provider as a broker fetching temporary AWS credentials from AWS Secure Token Service
(GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your app. Implement clientside logic that used the S3 multipart upload API to directly upload the file to Amazon S3 using the given
credentials and S3 prefix.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *