
Answer-first summary for fast verification
Answer: Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.
The correct answer is C: "Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket." This solution lets the EC2 instances access the application artifacts stored in S3 without requiring internet access. The VPC endpoint provides a secure and private connection to S3, and the IAM instance profile ensures the instances have the necessary permissions to read from the S3 bucket. Options A, B, and D either maintain some form of internet access or leave potentially insecure configurations after the initial setup, neither of which complies with the updated security policy.
Author: LeetQuiz Editorial Team
A DevOps engineer initially configures Amazon EC2 instances with public IP addresses in a public subnet to use a user data script for fetching and installing application artifacts at launch. However, a recent change in security policy mandates that these instances must operate without any internet connectivity. Despite these instances launching successfully and being marked as healthy, the application installation is not occurring. What should be done to ensure the application is installed on the instances while complying with the updated security policy?
A. Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is installed and running, run a script to disassociate the Elastic IP addresses afterwards.
B. Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's route table to use the NAT gateway as the default route.
C. Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.
D. Create a security group for the application instances and allow only outbound traffic to the artifact repository. Remove the security group rule once the install is complete.