AWS Certified SysOps Administrator – Associate (legacy) — Question 648
A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?
Answer options
- A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
- B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
- C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
- D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.
Correct answer: C
Explanation
Consolidating all EC2 instances into a single Availability Zone and sharing its designated IP range satisfies the external service's restriction. Options involving NAT gateways, internet gateways, or peered VPCs are incorrect because they either do not provide a single static IP address for outbound traffic or are architecturally inappropriate for this scenario.