
AWS Certified Solutions Architect - Associate
A company has deployed Linux-based application instances on EC2 in a private subnet and a Linux bastion host in a public subnet within a VPC. The solutions architect must establish secure connectivity from the on-premises network to the bastion host and subsequently to the application servers. What steps should be taken to configure the security groups for this access?
Explanation:
To establish a secure connection from the on-premises network to the application servers through the bastion host, you need to configure the security groups correctly. Option C ensures that only connections from the company's external IP range can access the bastion host, providing a layer of security by restricting external access. Option D ensures that only the bastion host can SSH into the application instances, preventing unauthorized access directly to those instances. This way, the connection path is secured from the company's network to the bastion host and then to the application servers.