AWS Certified SysOps Administrator – Associate (legacy) — Question 708
A web application runs on Amazon EC2 instances with public IPs assigned behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Multi-AZ DB instance. The Application Load Balancer, EC2 instances, and RDS DB instance all run in separate sets of subnets. The EC2 instances can communicate with the DB instance, but cannot connect with external services.
What is the MOST likely solution?
Answer options
- A. Assign a public IP address to the database server and restart the database engine.
- B. Create and attach an Internet gateway to the VPC. Create a route table for the EC2 instances' subnets that sends Internet traffic to the gateway.
- C. Create and attach a virtual private gateway to the VPC. Create a route table for the EC2 instances' subnets that sends Internet traffic to the gateway.
- D. Create a VPC peering connection to a VPC that has an Internet gateway attached. Create a route table for the EC2 instances' subnets that sends Internet traffic to the peered VPC.
Correct answer: B
Explanation
For Amazon EC2 instances with public IP addresses to reach external Internet services, they must reside in a public subnet: a subnet whose route table has a default route (0.0.0.0/0) pointing to an Internet gateway attached to the VPC. A public IP on its own is not enough; without that route the instances can still reach the DB instance over the VPC's local route but have no path out of the VPC, which is exactly the symptom described. Option B configures this routing. Option A is incorrect because the problem is the EC2 instances' outbound path, not the database, and exposing the DB instance publicly would not fix it. Option C is incorrect because virtual private gateways terminate VPN or AWS Direct Connect connections, not Internet traffic. Option D is incorrect because VPC peering does not support transitive routing, so traffic cannot use an Internet gateway in a peered VPC.