Ensure Instances from VPC Subnets Can Access the Internet

Requirements for Internet Access in VPC Subnets


Question

Apart from the 2 aspects below, what other requirements need to be in place to ensure that instances from a VPC subnet can access the Internet?

  1. Ensure that your subnet's route table points to the Internet gateway.

  2. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Choose 2 answers from the options given below.

Answers

Explanations

A. B. C. D.

Answer - A and D.

The AWS documentation mentions the following on Internet gateways.

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

· Attach an Internet gateway to your VPC.

· Ensure that your subnet's route table points to the Internet gateway.

· Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).

· Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

For more information on the Internet gateway, please refer to the below link:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

The two given requirements that need to be fulfilled to ensure that instances from a VPC subnet can access the Internet are:

  1. Ensure that your subnet's route table points to the Internet gateway: An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. To ensure that instances from a VPC subnet can access the Internet, the subnet's route table must be configured to send all Internet-bound traffic to the Internet gateway. This is typically achieved by adding a default route with the destination 0.0.0.0/0 to the route table and setting the Internet gateway as its target.

  2. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance: Network access control lists (ACLs) and security groups are used to control traffic to and from instances in your VPC. To ensure that instances from a VPC subnet can access the Internet, the network ACLs and security group rules must allow the relevant traffic to flow to and from the instances. This typically involves allowing outbound traffic to any destination and inbound traffic from any source on ports 80 and 443 for HTTP and HTTPS traffic, respectively.

Apart from these two requirements, there are no other requirements that need to be fulfilled to ensure that instances from a VPC subnet can access the Internet. Therefore, the correct answers are A and D:

A. Attach an Internet gateway to your VPC: This requirement is already covered by the first requirement given in the question. The Internet gateway must be attached to the VPC, and the subnet's route table must be configured to point to the Internet gateway.

D. Ensure the instance in the subnet has a public IP: Instances in a VPC subnet can have either a public IP or a private IP. However, this requirement is not necessary to ensure that instances can access the Internet. Instances with a private IP can access the Internet through a NAT gateway or a NAT instance. Therefore, this answer is incorrect.
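
The four conditions in the AWS documentation list quoted above can be checked against a snapshot of the VPC's configuration. This is an added example, not code from the original page or from AWS: it reports which conditions are unmet for one instance. It assumes dictionaries shaped like the EC2 DescribeInternetGateways, DescribeRouteTables, DescribeNetworkAcls, DescribeSecurityGroups and DescribeInstances responses, covers IPv4 only, ignores protocol and port in the rule checks, and uses constructed IDs and addresses.

```python
import ipaddress

PROBE = ipaddress.ip_address("203.0.113.10")  # constructed Internet destination

def routes_for(subnet_id, tables):
    # An explicit subnet association wins; otherwise the main route table applies
    explicit = [t for t in tables
                if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    main = [t for t in tables if any(a.get("Main") for a in t.get("Associations", []))]
    return (explicit or main or [{}])[0].get("Routes", [])

def nacl_allows(entries, egress):
    # First matching IPv4 entry in ascending rule number decides (ports ignored)
    rules = [e for e in entries if e["Egress"] == egress and "CidrBlock" in e]
    for e in sorted(rules, key=lambda e: e["RuleNumber"]):
        if PROBE in ipaddress.ip_network(e["CidrBlock"], strict=False):
            return e["RuleAction"] == "allow"
    return False

def sg_allows_egress(groups):
    # Security groups are allow-only: one egress range covering the probe suffices
    return any(PROBE in ipaddress.ip_network(r["CidrIp"], strict=False) for g in groups
               for p in g.get("IpPermissionsEgress", []) for r in p.get("IpRanges", []))

def missing_requirements(vpc_id, subnet_id, instance, igws, tables, nacl, groups):
    # Unmet conditions for IPv4 Internet access, in the order of the quoted list
    igw_ids = {g["InternetGatewayId"] for g in igws
               for a in g.get("Attachments", []) if a.get("VpcId") == vpc_id}
    missing = [] if igw_ids else ["internet gateway attached"]
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"
               and r.get("GatewayId") in igw_ids for r in routes_for(subnet_id, tables)):
        missing.append("route to internet gateway")
    if not instance.get("PublicIpAddress"):
        missing.append("public IPv4 address")
    if not (sg_allows_egress(groups) and nacl_allows(nacl, True) and nacl_allows(nacl, False)):
        missing.append("NACL/security group rules")
    return missing

# Constructed sample: gateway attached and routed, rules open, instance has no public address
IGWS = [{"InternetGatewayId": "igw-example", "Attachments": [{"VpcId": "vpc-example"}]}]
TABLES = [{"Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]}]
NACL = [{"RuleNumber": 100, "Egress": e, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"}
        for e in (True, False)]
GROUPS = [{"IpPermissionsEgress": [{"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
INSTANCE = {"PrivateIpAddress": "10.0.1.5"}

if __name__ == "__main__":
    print(missing_requirements("vpc-example", "subnet-example", INSTANCE, IGWS, TABLES, NACL, GROUPS))
```

The same function doubles as an exposure audit: an instance for which it returns an empty list sits on a direct Internet path through the gateway.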