Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer (SRE).
For SOA-C02 candidates, the common confusion revolves around implementing Route 53 failover routing combined with health checks — often mixing up DNS record types and misunderstanding how ELB IP addresses are handled. In production, this is about grasping Route 53’s routing policies and ELB alias record behavior to ensure seamless multi-region failover. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
Greenfield Financial Services operates a customer-facing web portal hosted on Amazon EC2 instances behind an Elastic Load Balancer (ELB) in the us-east-1 region. The infrastructure is provisioned via AWS CloudFormation stacks. To meet strict uptime requirements, the company wants to extend its availability by deploying a complete redundant stack in the us-west-2 region. The public DNS for the portal is managed using Amazon Route 53.
The Requirement #
The web portal must be highly available across multiple AWS regions. Traffic should primarily be routed to the us-east-1 ELB but fail over automatically to the us-west-2 ELB in case of regional issues. The solution must leverage Route 53 routing policies and health checks to achieve this.
The Options #
- A) Deploy a CloudFormation stack replica in us-west-2. Create a single authoritative SOA record in Route 53 that contains the IP addresses of both ELBs. Configure health checks on the SOA record. Designate the us-east-1 ELB as primary and us-west-2 ELB as secondary.
- B) Deploy a CloudFormation stack replica in us-west-2. Create an additional A record in Route 53 with the us-west-2 ELB as an alias target. Configure this A record with a failover routing policy and health checks, setting us-east-1 ELB as primary and us-west-2 ELB as secondary.
- C) Launch new EC2 instances in us-west-2 and associate them with the existing ELB in us-east-1. Configure ELB health checks on all EC2 instances and program the ELB to update Route 53 if us-west-2 instance health deteriorates.
- D) Launch new EC2 instances in us-west-2. Set up EC2 health checks on instances in both regions. Establish a VPC peering connection between the two regions and configure Route 53 to treat the us-east-1 VPC as primary and us-west-2 as secondary.
Correct Answer #
B
Quick Insight: The SOA-C02 Imperative #
- For SysOps: When handling multi-region ELB failover, Route 53 alias records with failover routing are your best friend. Avoid trying to put ELB IPs directly into SOA records (which are about zone administration, not routing). Also, ELBs don’t have fixed IP addresses, so failover must employ alias targets and health checks linked to ELB DNS names.
The Expert’s Analysis #
Correct Answer #
Option B
The Winning Logic #
The recommended approach is to deploy full stacks in both regions and use Route 53 failover routing with alias records pointing to the ELBs’ DNS names. Specifically:
- ELBs do not have static IP addresses; thus, listing IPs manually (Option A) is invalid.
- A Route 53 alias A record can point directly to an ELB DNS name; with EvaluateTargetHealth enabled it inherits the load balancer's health, or it can be tied to a dedicated Route 53 health check.
- Failover routing policies allow you to designate primary and secondary ELB targets.
- Route 53 health checks monitor the primary endpoint and automatically shift DNS answers to the secondary region when the primary is unhealthy.
- CloudFormation stacks deployed in both regions ensure identical infrastructure and scalability.
The Trap (Distractor Analysis) #
- Why not A? The SOA (Start of Authority) record holds zone administration details (primary name server, contact, serial, refresh timers); it is not a place to list service endpoints. Inserting ELB IPs is also unreliable because ELBs use dynamic IPs, and Route 53 does not support health checks or failover routing on SOA records.
- Why not C? An ELB only serves the region it is deployed in; you cannot register EC2 instances from another region with it. ELBs also have no mechanism to modify Route 53 records based on instance health, so the proposed automation does not exist.
- Why not D? VPC peering is a network-layer construct; inter-region peering exists, but it does nothing for DNS failover. Managing failover purely through EC2 instance health checks and peering ignores the ELB's role and Route 53 routing policies, making the design both technically inaccurate and operationally complex.
The Technical Blueprint #
# Example AWS CLI: create Route 53 failover alias records for both ELBs.
# The "HostedZoneId" inside each AliasTarget is the ELB's own Route 53 hosted zone
# for that region (Z35SXDOTRQ7X7K for us-east-1, Z1H1FL5HABSF5 for us-west-2),
# not your hosted zone. JSON does not allow comments, so none appear inside the
# --change-batch document; both records share the same Name and Type and are
# distinguished only by SetIdentifier and Failover role.
aws route53 change-resource-record-sets --hosted-zone-id Z3M3LMPEXAMPLE \
  --change-batch '{
    "Comment": "Multi-region failover for portal.example.com",
    "Changes": [
      {
        "Action": "CREATE",
        "ResourceRecordSet": {
          "Name": "portal.example.com",
          "Type": "A",
          "SetIdentifier": "us-east-1-primary",
          "Failover": "PRIMARY",
          "AliasTarget": {
            "HostedZoneId": "Z35SXDOTRQ7X7K",
            "DNSName": "myelb-us-east-1-123456.elb.amazonaws.com",
            "EvaluateTargetHealth": true
          }
        }
      },
      {
        "Action": "CREATE",
        "ResourceRecordSet": {
          "Name": "portal.example.com",
          "Type": "A",
          "SetIdentifier": "us-west-2-secondary",
          "Failover": "SECONDARY",
          "AliasTarget": {
            "HostedZoneId": "Z1H1FL5HABSF5",
            "DNSName": "myelb-us-west-2-789012.elb.amazonaws.com",
            "EvaluateTargetHealth": true
          }
        }
      }
    ]
  }'
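To make the winning logic concrete, here is an added Python example (not code from this study note or from AWS) that builds the same change batch programmatically, checks the invariants a failover pair must satisfy (one PRIMARY and one SECONDARY, identical Name/Type, unique SetIdentifiers, alias targets rather than literal IPs, a health signal on each record), and simulates which ELB Route 53 would answer with for a given health state. The ELB DNS names and hosted zone IDs are the placeholders from the blueprint above; the health model is a deliberate simplification of the documented EvaluateTargetHealth behaviour, and the `to_json` output is what you would pass to the CLI via `--change-batch file://batch.json`.

```python
"""Build, validate and simulate a Route 53 failover pair of ELB alias records.

Added example for this study note; not code from the page or from AWS.
Assumed/constructed: record name, ELB DNS names and health counts.
"""
import json

# Route 53 hosted zone IDs for ELB alias targets, as used in the page's blueprint.
ELB_ALIAS_ZONE = {"us-east-1": "Z35SXDOTRQ7X7K", "us-west-2": "Z1H1FL5HABSF5"}


def alias_record(name, set_id, role, region, elb_dns):
    """One failover alias A record pointing at an ELB DNS name (never at IPs)."""
    return {
        "Name": name,
        "Type": "A",
        "SetIdentifier": set_id,
        "Failover": role,  # "PRIMARY" or "SECONDARY"
        "AliasTarget": {
            "HostedZoneId": ELB_ALIAS_ZONE[region],
            "DNSName": elb_dns,
            "EvaluateTargetHealth": True,  # the ELB's target health drives failover
        },
    }


def build_change_batch(name, primary_region, primary_dns, secondary_region, secondary_dns):
    """Change batch for `aws route53 change-resource-record-sets --change-batch`."""
    primary = alias_record(name, f"{primary_region}-primary", "PRIMARY", primary_region, primary_dns)
    secondary = alias_record(name, f"{secondary_region}-secondary", "SECONDARY", secondary_region, secondary_dns)
    return {
        "Comment": f"Multi-region failover for {name}",
        "Changes": [
            {"Action": "CREATE", "ResourceRecordSet": primary},
            {"Action": "CREATE", "ResourceRecordSet": secondary},
        ],
    }


def to_json(batch):
    """Serialize without comments, so the CLI accepts it as-is."""
    return json.dumps(batch, indent=2)


def validate_failover_batch(batch):
    """Return a list of problems; an empty list means the batch is a sound failover pair."""
    problems = []
    rrsets = [c["ResourceRecordSet"] for c in batch.get("Changes", [])]
    if sorted(r.get("Failover", "") for r in rrsets) != ["PRIMARY", "SECONDARY"]:
        problems.append("need exactly one PRIMARY and one SECONDARY record")
    if len({r.get("Name") for r in rrsets}) != 1 or len({r.get("Type") for r in rrsets}) != 1:
        problems.append("failover records must share the same Name and Type")
    if len({r.get("SetIdentifier") for r in rrsets}) != len(rrsets):
        problems.append("SetIdentifier values must be unique")
    for r in rrsets:
        sid = r.get("SetIdentifier")
        alias = r.get("AliasTarget")
        if alias is None or "ResourceRecords" in r:
            problems.append(f"{sid}: use an alias to the ELB DNS name, not literal IPs (Option A mistake)")
            continue
        if not alias.get("EvaluateTargetHealth") and "HealthCheckId" not in r:
            problems.append(f"{sid}: no health signal (EvaluateTargetHealth or HealthCheckId)")
        if alias.get("HostedZoneId") not in ELB_ALIAS_ZONE.values():
            problems.append(f"{sid}: HostedZoneId is not a known ELB alias hosted zone")
    return problems


def resolve_failover(batch, healthy_targets):
    """Simulate Route 53's answer for a failover pair.

    healthy_targets maps an ELB DNS name to its number of healthy registered
    instances. Simplified model: an alias with EvaluateTargetHealth is healthy
    when at least one target is healthy; if both records are unhealthy,
    Route 53 still answers with the primary.
    """
    rrsets = {c["ResourceRecordSet"]["Failover"]: c["ResourceRecordSet"] for c in batch["Changes"]}
    primary, secondary = rrsets["PRIMARY"], rrsets["SECONDARY"]

    def healthy(rrset):
        return healthy_targets.get(rrset["AliasTarget"]["DNSName"], 0) > 0

    if healthy(primary) or not healthy(secondary):
        return primary["AliasTarget"]["DNSName"]
    return secondary["AliasTarget"]["DNSName"]


if __name__ == "__main__":
    batch = build_change_batch(
        "portal.example.com",
        "us-east-1", "myelb-us-east-1-123456.elb.amazonaws.com",
        "us-west-2", "myelb-us-west-2-789012.elb.amazonaws.com",
    )
    print(to_json(batch))
    print("problems:", validate_failover_batch(batch))
    print("answer with primary down:", resolve_failover(batch, {"myelb-us-east-1-123456.elb.amazonaws.com": 0, "myelb-us-west-2-789012.elb.amazonaws.com": 2}))
```

Run it to emit a comment-free `batch.json`; the validator catches the Option A shape (literal IPs instead of an alias) before anything reaches the API, and the simulator shows the one case people forget: when both regions are unhealthy, DNS keeps pointing at the primary, so you still need an alarm on the health check rather than relying on failover alone.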
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact on Availability | Comments |
|---|---|---|---|---|
| A | High | Low | Poor | Misuses SOA record; ELB IPs dynamic |
| B | Moderate | High | Best | Uses native Route 53 failover & health checks |
| C | High | Low | Invalid | ELB regional scope invalidates this |
| D | Very High | Low | Ineffective | VPC peering irrelevant for DNS failover |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick Route 53 alias failover records when you see multi-region ELB failover requirements.
Real World #
In real deployments, companies often complement DNS failover with application-level health checks and active-active architectures using Global Accelerator or Route 53 latency routing. But for exam and foundational design, failover routing remains the recommended baseline.
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.