AWS Certified SysOps Administrator – Associate (legacy) — Question 321
A user has created a VPC with a subnet and a security group. The user has launched an instance in that subnet and attached a public IP. The user is still unable to connect to the instance. The Internet gateway has also been created. What can be the reason for the error?
Answer options
- A. The internet gateway is not configured with the route table
- B. The private IP is not present
- C. The outbound traffic on the security group is disabled
- D. The internet gateway is not configured with the security group
Correct answer: A
Explanation
For an EC2 instance in a VPC to be reachable from the internet, the route table associated with its subnet must contain a route (typically for destination 0.0.0.0/0) whose target is the internet gateway. Without that route, traffic cannot flow between the internet and the subnet, even if the gateway exists and a public IP is assigned. Option B does not apply because private IPs are assigned to instances automatically, and option D does not apply because security groups do not directly associate with internet gateways.