
A company is migrating a legacy data processing solution to AWS, deploying it on Amazon EC2 instances within private subnets of a single VPC. The solution utilizes Amazon S3 for object storage, storing both input and output data, and Amazon DynamoDB to maintain its state. VPC flow logs are collected, and a single NAT gateway is used to enable license registration over the internet via a specific hostname provided by the software vendor. The company observes that the AWS bill surpasses the projected budget, and a network engineer identifies the USE2-NatGateway-Bytes($) usage type as the primary cause of the unexpected cost increase. What actions should the network engineer take to address this issue? (Choose two.)
A
Set up Amazon VPC Traffic Mirroring. Analyze the traffic to identify the traffic that the NAT gateway processes.
B
Examine the VPC flow logs to identify the traffic that traverses the NAT gateway.
C
Set up an AWS Cost and Usage Report in the AWS Billing and Cost Management console. Examine the report to find more details about the NAT gateway charges.
D
Verify that the security groups attached to the EC2 instances allow outgoing traffic only to the IP addresses that the hostname resolves to, the VPC CIDR block, and the AWS IP address ranges for Amazon S3 and DynamoDB.
E
Verify that the gateway VPC endpoints for Amazon S3 and DynamoDB are both set up and associated with the route tables of the private subnets.