AWS Certified Solutions Architect – Professional — Question 364
An organization has split a single application into multiple components for compartmentalization. All of the components are currently hosted on a single EC2 instance. For security reasons the organization wants to serve the separate modules with two separate SSL certificates, although the instance is already running in a VPC.
How can the organization achieve this with a single instance?
Answer options
- A. You have to launch two instances each in a separate subnet and allow VPC peering for a single IP.
- B. Create a VPC instance which will have multiple network interfaces with multiple elastic IP addresses.
- C. Create a VPC instance which will have both the ACL and the security group attached to it and have separate rules for each IP address.
- D. Create a VPC instance which will have multiple subnets attached to it and each will have a separate IP address.
Correct answer: B
Explanation
Serving multiple SSL certificates from a single EC2 instance, each on its own public IP, requires the instance to own multiple IP addresses. In a VPC this is done by attaching additional Elastic Network Interfaces (ENIs) to the instance and associating an Elastic IP with each interface, so the web server can bind a different certificate to each address. Each ENI also carries its own security groups, so the two modules can be given independent inbound rules, which fits the compartmentalization goal. Option A abandons the single-instance requirement, and "VPC peering for a single IP" is not a real construct: peering connects two VPCs, not addresses. Option C is wrong because network ACLs and security groups only filter traffic; they cannot give an instance additional IP addresses. Option D is wrong because an EC2 instance resides in exactly one subnet; what can be multiplied is the number of network interfaces, and every ENI attached to an instance must sit in the same Availability Zone. Practical caveats: the number of ENIs and IPs per interface depends on the instance type; the server binds to each ENI's private IP, since an Elastic IP is one-to-one NAT rather than an address the OS sees; a second ENI in the same subnet usually needs source-based (policy) routing on the guest so replies leave through the interface they arrived on; and a modern TLS client sends the Server Name Indication (SNI) extension, so today one IP can serve several certificates by hostname. The exam answer reflects the older per-IP certificate model, which is still the right choice when clients without SNI support must be accommodated.
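As an added example (not part of the original question or AWS material), the following nginx configuration shows the web-server side of option B: one certificate bound to each ENI's private IP address. The addresses, hostnames and file paths are assumptions chosen for illustration; 10.0.1.10 is taken to be the primary ENI's private IP (Elastic IP 203.0.113.10) and 10.0.1.20 the secondary ENI's private IP (Elastic IP 203.0.113.20).

```nginx
# Added example, not from the original page. Assumed layout:
#   primary ENI   private IP 10.0.1.10  -> Elastic IP 203.0.113.10  (module 1)
#   secondary ENI private IP 10.0.1.20  -> Elastic IP 203.0.113.20  (module 2)
# An Elastic IP is 1:1 NAT, so nginx must listen on the private address;
# binding the public address would fail because the guest OS never sees it.
http {
    # Module 1: certificate selected purely by the destination IP, so even a
    # client that sends no SNI gets the right certificate.
    server {
        listen 10.0.1.10:443 ssl;
        server_name module1.example.com;
        ssl_certificate     /etc/nginx/tls/module1.crt;
        ssl_certificate_key /etc/nginx/tls/module1.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        root /srv/module1;
    }

    # Module 2: its own certificate on the second interface's address.
    server {
        listen 10.0.1.20:443 ssl;
        server_name module2.example.com;
        ssl_certificate     /etc/nginx/tls/module2.crt;
        ssl_certificate_key /etc/nginx/tls/module2.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        root /srv/module2;
    }

    # Deliberately no "listen 443" / "listen 0.0.0.0:443" catch-all: a wildcard
    # listener would also accept connections on both IPs and, for a client
    # without SNI, could hand out the wrong certificate.
}
```

To verify the binding from outside, connect to each Elastic IP with SNI suppressed and confirm the certificate subject differs per address, e.g. `openssl s_client -connect 203.0.113.10:443 -noservername` and the same against 203.0.113.20. If the two `server_name` entries were instead placed on a single address, nginx would still serve both certificates correctly to SNI-capable clients, which is the single-IP alternative the explanation mentions.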