A DevOps engineer initially configures Amazon EC2 instances with public IP addresses in a public subnet to use a user data script for fetching and installing application artifacts at launch. However, a recent change in security policy mandates that these instances must operate without any internet connectivity. Despite these instances launching successfully and being marked as healthy, the application installation is not occurring. What should be done to ensure the application is installed on the instances while complying with the updated security policy?

Exam-Like

Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is installed and running, run a script to disassociate the Elastic IP addresses afterwards.

0.0%

Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's route table to use the NAT gateway as the default route.

40.0%

Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.

60.0%

Create a security group for the application instances and allow only outbound traffic to the artifact repository. Remove the security group rule once the install is complete.

0.0%

AWS Certified DevOps Engineer - Professional

Comments

Get started today