
A company has transitioned from an outdated TCP-based application layer protocol to a new one, with both protocols using different port numbers. After migrating numerous applications running on Amazon EC2 instances and containers, the company wants to confirm that no applications are still using the old protocol. What solution can a network engineer implement to verify this without causing any downtime?
A
Use Amazon Inspector and its Network Reachability rules package. Wait until the analysis has finished running to find out which EC2 instances are still listening to the old port.
B
Enable Amazon GuardDuty. Use the graphical visualizations to filter for traffic that uses the port of the old protocol. Exclude all internet traffic to filter out occasions when the same port is used as an ephemeral port.
C
Configure VPC flow logs to be delivered into an Amazon S3 bucket. Use Amazon Athena to query the data and to filter for the port number that is used by the old protocol.
D
Inspect all security groups that are assigned to the EC2 instances that host the applications. Remove the port of the old protocol if that port is in the list of allowed ports. Verify that the applications are operating properly after the port is removed from the security groups.