AWS Certified Solutions Architect – Associate (SAA-C02) — Question 769
A solutions architect launches an Amazon EC2 instance inside a new VPC. The solutions architect configures network ACL rules and security group rules that allow the appropriate traffic to flow to and from the instance. An Elastic IP address is associated with the instance. The solutions architect needs to be able to access the instance from the internet.
Which combination of actions should the solutions architect take to accomplish this goal? (Choose two.)
Answer options
- A. Create an internet gateway. Attach the internet gateway to the VPC.
- B. Create an internet gateway. Attach the internet gateway to the instance's subnet.
- C. Create an internet gateway. Attach the internet gateway to the instance.
- D. Add a route to the route table of the instance's subnet. Route traffic from the instance's subnet to the internet gateway.
- E. Add a route to the route table of the instance's subnet. Route traffic from the internet gateway to the instance's subnet.
Correct answer: A, D
Explanation
To enable internet access for an Amazon EC2 instance in a VPC, you must attach an internet gateway to the VPC and add a route to the subnet's route table that sends internet-bound traffic (destination 0.0.0.0/0) to that internet gateway. Internet gateways cannot be attached directly to individual subnets or EC2 instances, which makes options B and C incorrect. Option E is incorrect because a subnet's route table dictates outbound routing from the subnet, not inbound routing from the gateway to the subnet.