AWS Certified Advanced Networking - Specialty Exam: Impact of Missing Security Groups on EC2 Instances in a Test VPC



Question

A global airline company has set up multiple VPCs in multiple regions for its three-tier application which is used for ticketing purposes by agents.

Recently the IT team of this company has developed a new ticketing application which they need to evaluate on the test setup.

For this, a new TEST VPC needs to be created & EC2 instances with the new applications need to be launched in this VPC.

A Junior Engineer who was responsible for implementing this new setup did not specify Security Groups on any of the new EC2 instances launched within the TEST VPC.

How will this impact communication between instances in TEST VPC?

Answers

Explanations


A. B. C. D.

Correct Answer - A.

When no Security Group is specified at launch, the instance is launched with the default Security Group of that VPC.

The default Security Group allows all inbound traffic from instances associated with that same Security Group, and allows all outbound traffic from the instance.

Option B is incorrect: with no Security Group specified, the default Security Group is applied, and it does not deny all inbound and outbound traffic; it allows all inbound traffic from instances within the same Security Group and allows all outbound traffic.

Option C is incorrect: the default Security Group allows all outbound traffic regardless of the destination's Security Group, and it does not allow all inbound traffic.

Option D is incorrect: for inbound traffic, the default Security Group allows traffic from instances with the same Security Group and denies all other traffic.

For more information on using the default Security Group, refer to the following URL:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

If the Junior Engineer did not specify any Security Groups while launching EC2 instances in the TEST VPC, it means that the instances will be launched with the default Security Group. The default Security Group allows all outbound traffic from the instance but denies all inbound traffic.

Therefore, option B is correct: "Will deny all inbound & outbound traffic from each instance."

This means that communication between instances within the TEST VPC will not be possible as all inbound traffic is denied. To enable communication between instances, a Security Group needs to be created and attached to each instance, allowing inbound traffic from the other instances within the same Security Group.

It is important to always specify Security Groups while launching EC2 instances in a VPC to ensure that the instances are secure and communication between them is possible as per the application requirements.
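An offline model of how security-group rules decide whether two instances in the TEST VPC can reach each other, added here as an example and not taken from the page or from AWS: the rule dicts imitate the shape of `describe-security-groups` output (an assumption), the default-group and instance data are constructed, and only security groups are modelled, not network ACLs or routing.

```python
from ipaddress import ip_address, ip_network

# Constructed data, not from the page; rule dicts imitate the shape of
# `aws ec2 describe-security-groups` output (an assumption). sg-default models
# the VPC default group: inbound only from its own members, all outbound.
# sg-locked models a group that was created with no inbound rules at all.
ALL_OUT = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
SGS = {
    "sg-default": {"IpPermissions": [{"IpProtocol": "-1",
                                      "UserIdGroupPairs": [{"GroupId": "sg-default"}]}],
                   "IpPermissionsEgress": ALL_OUT},
    "sg-locked": {"IpPermissions": [], "IpPermissionsEgress": ALL_OUT},
}
# Constructed instances: private IP plus the groups attached to the primary ENI.
WEB = {"ip": "10.0.1.10", "groups": ["sg-default"]}
APP = {"ip": "10.0.2.20", "groups": ["sg-default"]}
DB = {"ip": "10.0.3.30", "groups": ["sg-locked"]}

def _port_ok(rule, proto, port):
    """IpProtocol -1 covers every protocol and port; otherwise both must match."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == proto and rule["FromPort"] <= port <= rule["ToPort"]

def _peer_ok(rule, peer_ip, peer_groups):
    """A rule matches a peer by group membership or by CIDR; rules never deny."""
    if any(p["GroupId"] in peer_groups for p in rule.get("UserIdGroupPairs", [])):
        return True
    return any(ip_address(peer_ip) in ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def allowed(sgs, src, dst, proto="tcp", port=443):
    """Can src open proto/port to dst? Security groups are stateful allow-lists,
    so only the initiating direction is checked: an egress rule on any of src's
    groups AND an ingress rule on any of dst's groups must match."""
    egress = any(_port_ok(r, proto, port) and _peer_ok(r, dst["ip"], dst["groups"])
                 for g in src["groups"] for r in sgs[g]["IpPermissionsEgress"])
    ingress = any(_port_ok(r, proto, port) and _peer_ok(r, src["ip"], src["groups"])
                  for g in dst["groups"] for r in sgs[g]["IpPermissions"])
    return egress and ingress

def add_ingress(sgs, group, proto, from_port, to_port, source_group):
    """The fix the explanation describes: an inbound rule that references the
    peer instances' group instead of an IP range."""
    sgs[group]["IpPermissions"].append({"IpProtocol": proto, "FromPort": from_port,
                                        "ToPort": to_port,
                                        "UserIdGroupPairs": [{"GroupId": source_group}]})
```

Two instances sharing the default group can reach each other on any port, while the instance in the group with no inbound rules is unreachable until a group-referencing inbound rule is added.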