AWS Certified SysOps Administrator – Associate (legacy) — Question 211
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? (Choose two.)
Answer options
- A. A network ACL that allows communication between the two subnets.
- B. Both instances are the same instance class and using the same key pair.
- C. That the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate.
- D. Security groups are set to allow the application host to talk to the database on the right port/protocol.
Correct answer: A, D
Explanation
For the two EC2 instances to communicate, the network ACL must permit traffic between the two subnets (A), and the security groups must allow the application instance to connect to the database instance on the appropriate port and protocol (D). Network ACLs are stateless, so return traffic has to be allowed explicitly as well, whereas security groups are stateful and admit the replies automatically. Options B and C are not relevant: instance class and key pair have no effect on network reachability, and traffic between subnets in the same VPC follows the VPC's local route, so no default route to a NAT instance or IGW is needed.