Learn how to migrate an on-premises SaaS file transfer solution to AWS while maintaining existing customer IP firewall rules using AWS Transfer for SFTP and Elastic IP addresses.
Question
A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endpoint IP addresses are not permitted.
The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service.
Which solution meets these requirements?
A. Register the customer-owned block of IP addresses in the company’s AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.
B. Add a subnet containing the customer-owned block of IP addresses to a VPC. Create Elastic IP addresses from the address pool and assign them to an Application Load Balancer (ALB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the ALB. Store the files in attached Amazon Elastic Block Store (Amazon EBS) volumes.
C. Register the customer-owned block of IP addresses with Amazon Route 53. Create alias records in Route 53 that point to a Network Load Balancer (NLB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the NLB. Store the files in Amazon S3.
D. Register the customer-owned block of IP addresses in the company’s AWS account. Create Elastic IP addresses from the address pool and assign them to an Amazon S3 VPC endpoint. Enable SFTP support on the S3 bucket.
Answer
A. Register the customer-owned block of IP addresses in the company’s AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.
Explanation
The company wants to migrate its SaaS solution to AWS while allowing customers to continue using their existing firewall rules for outbound traffic. This means that the IP addresses of the file transfer service must remain the same after the migration. Additionally, the operational overhead of the file transfer service needs to be reduced.
Option A addresses these requirements by using the AWS Transfer for SFTP service:
- The company can register its customer-owned block of IP addresses in its AWS account.
- Elastic IP addresses can be created from the registered IP address pool and assigned to an AWS Transfer for SFTP endpoint.
- AWS Transfer for SFTP is a fully managed service that reduces the operational overhead of secure file transfers.
- The ingested files can be directly stored in Amazon S3, a highly durable and scalable object storage service.
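A pre-cutover check for Option A, as an added example that is not part of the original page: it confirms that every IP address customers have allow-listed is allocated as an Elastic IP from the registered block and attached to the SFTP endpoint, and that no other address is exposed. The dictionaries follow the field names of the EC2 DescribeAddresses and Transfer DescribeServer responses; the function name, IP addresses and IDs are constructed for illustration.

```python
import ipaddress

def check_cutover(legacy_ips, byoip_cidr, addresses, server):
    """Return a list of problems; an empty list means the allow-listed IPs are preserved."""
    problems = []
    pool = ipaddress.ip_network(byoip_cidr)
    by_ip = {a["PublicIp"]: a for a in addresses}
    by_alloc = {a["AllocationId"]: a for a in addresses}
    # Only a VPC-hosted Transfer endpoint can carry Elastic IP addresses.
    if server.get("EndpointType") != "VPC":
        problems.append("endpoint type is not VPC, so it cannot hold Elastic IPs")
    attached = set(server.get("EndpointDetails", {}).get("AddressAllocationIds", []))
    for ip in legacy_ips:
        addr = by_ip.get(ip)
        if ipaddress.ip_address(ip) not in pool:
            problems.append(f"{ip}: outside registered block {byoip_cidr}")
        elif addr is None:
            problems.append(f"{ip}: not allocated as an Elastic IP")
        elif addr["AllocationId"] not in attached:
            problems.append(f"{ip}: {addr['AllocationId']} not attached to the endpoint")
    # Anything attached that customers never allow-listed is unreachable for them.
    for alloc_id in sorted(attached):
        addr = by_alloc.get(alloc_id)
        if addr is None:
            problems.append(f"{alloc_id}: attached but not found in the account")
        elif addr["PublicIp"] not in legacy_ips:
            problems.append(f"{addr['PublicIp']}: attached but not in customer allow lists")
    return problems

# Constructed sample data (documentation address ranges, made-up IDs).
LEGACY_IPS = ["198.51.100.10", "198.51.100.11"]
BYOIP_CIDR = "198.51.100.0/24"
ADDRESSES = [
    {"PublicIp": "198.51.100.10", "AllocationId": "eipalloc-0aaa",
     "PublicIpv4Pool": "ipv4pool-ec2-example"},
    {"PublicIp": "198.51.100.11", "AllocationId": "eipalloc-0bbb",
     "PublicIpv4Pool": "ipv4pool-ec2-example"},
    {"PublicIp": "203.0.113.5", "AllocationId": "eipalloc-0ccc",
     "PublicIpv4Pool": "amazon"},
]
SERVER_OK = {"EndpointType": "VPC", "Protocols": ["SFTP"], "Domain": "S3",
             "EndpointDetails": {"AddressAllocationIds": ["eipalloc-0aaa", "eipalloc-0bbb"]}}
SERVER_BAD = {"EndpointType": "VPC", "Protocols": ["SFTP"], "Domain": "S3",
              "EndpointDetails": {"AddressAllocationIds": ["eipalloc-0aaa", "eipalloc-0ccc"]}}

if __name__ == "__main__":
    for name, srv in (("ok", SERVER_OK), ("bad", SERVER_BAD)):
        print(name, check_cutover(LEGACY_IPS, BYOIP_CIDR, ADDRESSES, srv))
```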
Other options do not meet the requirements:
- Option B requires changing the IP addresses by using an Application Load Balancer (ALB), which would violate the requirement of maintaining the existing IP addresses.
- Option C suggests using Route 53 and a Network Load Balancer (NLB), which would also require changing the IP addresses.
- Option D proposes using S3 VPC endpoints, but these endpoints do not have static IP addresses, and enabling SFTP support on an S3 bucket is not a recommended approach.