Configuring VPC for Web Application Accessibility from the Internet | SAA-C03 Exam Answer

Configuring VPC for Web Application Accessibility


Question

Your development team has created a web application in a subnet that needs to be tested.

You need to advise the IT admin team on how they should configure the VPC to ensure the application can be accessed from the Internet.

Which of the following components would be part of the design? Choose 3 answers from the options given below.

Answers

Explanations


A. B. C. D.

Answer - A, C and D.

This scenario's configuration includes a virtual private cloud (VPC) with a single public subnet and an internet gateway to enable communication over the internet.

An internet gateway.

This connects the VPC to the internet and other AWS services.

A custom route table is associated with the subnet.

The route table entries enable instances in the subnet to use IPv4 to communicate with other instances in the VPC, and communicate directly over the internet.

A subnet that is associated with a route table that has a route to an internet gateway is known as a public subnet.

An instance receives a public IP address so that it is reachable from outside the VPC.

This IP address might change if the instance stops and starts.

Alternatively, you can use an Elastic IP Address that remains static.

Only use a Public IP/Elastic IP address when communicating with the instance from outside the VPC.

Option B is incorrect since this should be used to let instances in the private subnet communicate with the Internet.

For more information on public subnets and the VPC, see the following URL:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html

To make the web application accessible from the Internet, the following components should be included in the VPC design:

  1. An Internet Gateway: An internet gateway is a horizontally scalable, redundant, and highly available VPC component that allows communication between instances in a VPC and the internet. It acts as a gateway between the VPC and the internet, and provides a target in the VPC route tables for internet-routable traffic. An internet gateway is required to allow the web application to be accessed from the internet.

  2. Subnet with a public IP address: The subnet in which the web application is deployed should have a public IP address. Instances launched in a public subnet have direct internet access and can be accessed from the internet.

  3. Route table with a default route to the internet gateway: A custom route table needs to be created and associated with the subnet. This route table should have a default route pointing to the internet gateway. By default, all subnets in a VPC are associated with the main route table, which has a local route for all VPC CIDR blocks and no internet gateway route. Hence, a custom route table should be created with a default route pointing to the internet gateway. This ensures that the web application can be accessed from the internet.

Hence, the correct options are A, C, and D. A NAT gateway is not required for this scenario because it is used to provide internet access to instances in a private subnet. However, in this scenario, the instance needs to be accessed from the internet, so it should be launched in a public subnet with a public IP address.
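The conditions above can be checked against a VPC's actual configuration. The following is an added example, not part of the original answer: it resolves each subnet's effective route table (explicit association, otherwise the main route table), looks for a default route to an internet gateway, and requires a public IP on the instance. The data is constructed and only shaped like EC2 DescribeRouteTables and DescribeInstances output; all IDs, addresses and function names are assumptions.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables / DescribeInstances
# output (all IDs and addresses are made up for this example).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
INSTANCES = [
    {"InstanceId": "i-web", "SubnetId": "subnet-web", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-web-noip", "SubnetId": "subnet-web"},
    {"InstanceId": "i-db", "SubnetId": "subnet-db"},
    {"InstanceId": "i-default", "SubnetId": "subnet-unassociated",
     "PublicIpAddress": "203.0.113.20"},
]


def effective_route_table(subnet_id, route_tables):
    """Explicit association wins; otherwise the subnet uses the main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public_subnet(subnet_id, route_tables):
    """Public subnet: its route table has a default route to an internet gateway."""
    rt = effective_route_table(subnet_id, route_tables)
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        for r in rt["Routes"])


def internet_reachable(instances, route_tables):
    """Instance IDs that sit in a public subnet and also hold a public IP."""
    return [i["InstanceId"] for i in instances
            if i.get("PublicIpAddress") and is_public_subnet(i["SubnetId"], route_tables)]


if __name__ == "__main__":
    print(internet_reachable(INSTANCES, ROUTE_TABLES))
```

Only `i-web` passes: `i-web-noip` has no public IP, `i-db` routes through a NAT gateway, and `i-default` falls back to the main route table, which has no internet gateway route.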