AWS Certified Solutions Architect - Associate: Secure Shell (SSH) Access Ports for EC2 and EFS Security Groups

Secure Shell (SSH) Access Ports for EC2 and EFS Security Groups

Prev Question Next Question

Question

Which of the following ports should be open on the security groups for the EC2 instance and the EFS respectively to enable Secure Shell (SSH) access between them?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer: A.

https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-create-security-groups.html#create-security-groups-console

AWS EFS does not require any other port to be open except NFS (2049) on its security group.

3. You need to authorize additional access to the security groups as follows:

a. Add a rule to the EC2 security group to allow inbound access, as shown following. Optionally, you can
restrict the Source address.

‘Summary Inbound Rules Outbound Rules Tags

mo
vm oz ae
SSH (22) > 2 00000

For instructions, see Adding and Removing Rules in the Amazon VPC User Guide.

b. Add a rule to the mount target security group to allow inbound access from the EC2 security group, as
shown following (where the EC2 security group is identified as the source):

‘Summary Inbound Rules Outbound Rules

on

‘Type

NFS 2049

Note

You don't need to add an outbound rule because the default outbound rule allows all traffic to leave
(otherwise, you will need to add an outbound rule to open TCP connection on the NFS port,
identifying the mount target security group as the destination).

The correct answer is A. Open port 22(SSH) on EC2 security group and port 2049(NFS) on EFS security group.

Explanation: To enable Secure Shell (SSH) access between an EC2 instance and an EFS file system, we need to open the necessary ports on their respective security groups.

SSH is used for remote access to the EC2 instance, so we need to open port 22 on the EC2 security group to allow incoming SSH traffic. Port 22 is the default port used for SSH.

EFS uses the Network File System (NFS) protocol to allow EC2 instances to access its file systems. NFS uses ports 2049 and 111, so we need to open these ports on the EFS security group to allow the EC2 instance to access the EFS file system.

However, in this scenario, we only need to enable SSH access between the EC2 instance and EFS, so we only need to open port 22 on the EC2 security group and port 2049 on the EFS security group.

Therefore, the correct answer is A. Open port 22(SSH) on EC2 security group and port 2049(NFS) on EFS security group.