Question 238:
A global IT firm has deployed the company's website on an EC2 instance behind an ELB. AWS CloudFront is configured with the ELB as its origin to serve all web content with the lowest latency to global partners. A Security Group is configured on the ELB to ensure only AWS CloudFront IP ranges can access the ELB & web content hosted on the EC2 instance. Recently there were changes in AWS CloudFront IP ranges that were not allowed in Security Groups, impacting partner access to the website. Which of the following tasks can be executed with minimum effort & cost to update Security Groups attached to the ELB to allow only the valid AWS CloudFront IP pool associated with Security Groups?
Answer options:
A. Create a Lambda function based upon VPC flow logs, which will automatically check if any IP ranges apart from CloudFront IP pools are reaching ELB & modify Security Groups automatically.
B. Create a cron job to poll VPC flow logs which will check if any IP ranges apart from CloudFront IP pools are reaching ELB & modify Security Groups accordingly.
C. Create a Lambda function based upon AWS SNS trigger for change in AWS CloudFront IP ranges to update Security Groups attached to ELB automatically.
D. Create a cron job to poll CloudFront IP ranges to verify any changes & manually modify Security Groups attached to ELB if any change in IP ranges.