Topic 1 Question 255
Choose two. A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service.
In each AWS account with a client, an interface endpoint has been created for the logging service and is available. The logging service, running on EC2 instances behind a Network Load Balancer (NLB), is deployed in different subnets. The clients are unable to submit logs using the VPC endpoint.
Which combination of steps should a solutions architect take to resolve this issue?
A. Check that the NACL is attached to the logging service subnet to allow communications to and from the NLB subnets. Check that the NACL is attached to the NLB subnet to allow communications to and from the logging service subnets running on EC2 instances.
B. Check that the NACL is attached to the logging service subnets to allow communications to and from the interface endpoint subnets. Check that the NACL is attached to the interface endpoint subnet to allow communications to and from the logging service subnets running on EC2 instances.
C. Check the security group for the logging service running on the EC2 instances to ensure it allows ingress from the NLB subnets.
D. Check the security group for the logging service running on EC2 instances to ensure it allows ingress from the clients.
E. Check the security group for the NLB to ensure it allows ingress from the interface endpoint subnets.
Comments (17)
- Selected answer: AC
When you associate a Network Load Balancer with an endpoint service, the Network Load Balancer forwards requests to the registered target. The requests are forwarded as if the target was registered by IP address. In this case, the source IP addresses are the private IP addresses of the load balancer nodes. If you have access to the Amazon VPC endpoint service, then verify that:
- The inbound security group rules of the Network Load Balancer's targets allow communication from the private IP address of the Network Load Balancer nodes.
- The rules within the network ACL associated with the Network Load Balancer's targets allow communication from the private IP address of the Network Load Balancer nodes.
https://repost.aws/knowledge-center/security-network-acl-vpc-endpoint
👍 5 magmichal05 2023/10/08

- Selected answer: BC
B and C. The NLB is placed in the destination account. That means the EC2 logging instance gets traffic from the NLB. So the source for the logging EC2 instance must be the NLB. https://aws.amazon.com/de/blogs/architecture/building-saas-services-for-aws-customers-with-privatelink/ Old but not outdated.
👍 4 Just_Ninja 2023/07/26

- Selected answer: AC
👍 4 vjp_training 2023/08/18
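The point the AC answer makes is that the logging targets never see the clients' addresses: behind PrivateLink the source of every packet is a private IP of an NLB node, so the security group (stateful, allow-only) must admit the NLB subnets, and the NACL (stateless, ordered, first match wins) must admit both the inbound request and the reply on the ephemeral port range. The following is an added example, not code from the exam page or from AWS: an offline model of those two evaluation rules run against constructed CIDRs, NLB node IPs, rule sets and a log port, so you can see why a rule written for "the clients" (option D) fails while one written for the NLB subnets (option C) passes. All names and addresses are assumptions chosen for illustration.

```python
"""Offline model of SG and NACL evaluation for NLB-fronted PrivateLink targets.

Added example; all CIDRs, IPs, ports and rule sets are constructed, not taken
from any real account or from the exam page.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class SgRule:
    proto: str       # "tcp", "udp" or "-1" (all protocols)
    from_port: int
    to_port: int
    cidr: str


@dataclass(frozen=True)
class NaclRule:
    number: int      # evaluated in ascending order; first match wins
    proto: str
    from_port: int
    to_port: int
    cidr: str
    action: str      # "allow" or "deny"


def _matches(proto: str, from_port: int, to_port: int, cidr: str,
             ip: str, port: int, want_proto: str) -> bool:
    """Does one rule cover this (ip, port, protocol) tuple?"""
    if proto not in ("-1", want_proto):
        return False
    if proto != "-1" and not (from_port <= port <= to_port):
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def sg_allows_ingress(rules: Iterable[SgRule], src_ip: str, port: int,
                      proto: str = "tcp") -> bool:
    """Security groups are stateful and allow-only: any matching rule permits,
    and the reply is allowed automatically."""
    return any(_matches(r.proto, r.from_port, r.to_port, r.cidr, src_ip, port, proto)
               for r in rules)


def nacl_decision(rules: Iterable[NaclRule], ip: str, port: int,
                  proto: str = "tcp") -> str:
    """NACLs are stateless and ordered: the lowest-numbered matching rule decides;
    the implicit final rule (*) denies."""
    for r in sorted(rules, key=lambda x: x.number):
        if _matches(r.proto, r.from_port, r.to_port, r.cidr, ip, port, proto):
            return r.action
    return "deny"


# Constructed topology (assumed values): NLB nodes sit in two subnets, the
# logging targets in others, and clients live in unrelated VPCs.
NLB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
NLB_NODE_IPS = ["10.0.1.27", "10.0.2.140"]   # private IPs of the NLB's ENIs
CLIENT_VPC_CIDR = "172.31.0.0/16"            # a client VPC; never seen by targets
LOG_PORT = 514

# Option D mindset: trust "the clients". PrivateLink hides them behind the NLB.
SG_CLIENTS_ONLY = [SgRule("tcp", LOG_PORT, LOG_PORT, CLIENT_VPC_CIDR)]
# Option C: trust the NLB subnets, which is where the real source IPs come from.
SG_NLB_SUBNETS = [SgRule("tcp", LOG_PORT, LOG_PORT, c) for c in NLB_SUBNETS]

# Option A: NACL on the target subnets must pass the request in AND the reply out.
NACL_IN_OK = [NaclRule(100 + 10 * i, "tcp", LOG_PORT, LOG_PORT, c, "allow")
              for i, c in enumerate(NLB_SUBNETS)]
NACL_OUT_OK = [NaclRule(100 + 10 * i, "tcp", 1024, 65535, c, "allow")
               for i, c in enumerate(NLB_SUBNETS)]
NACL_OUT_MISSING: list[NaclRule] = []        # only the implicit deny remains


def target_reachable(sg_rules, inbound_nacl, outbound_nacl, src_ip: str,
                     port: int = LOG_PORT, return_port: int = 49152) -> bool:
    """A log packet from src_ip reaches the target and its reply gets back out
    only if the SG admits it and the NACL allows both directions. return_port
    is the ephemeral source port the NLB node used, which the reply targets."""
    if not sg_allows_ingress(sg_rules, src_ip, port):
        return False
    if nacl_decision(inbound_nacl, src_ip, port) != "allow":
        return False
    return nacl_decision(outbound_nacl, src_ip, return_port) == "allow"


if __name__ == "__main__":
    for ip in NLB_NODE_IPS:
        print(ip, "clients-only SG:", target_reachable(SG_CLIENTS_ONLY, NACL_IN_OK, NACL_OUT_OK, ip))
        print(ip, "NLB-subnet SG:  ", target_reachable(SG_NLB_SUBNETS, NACL_IN_OK, NACL_OUT_OK, ip))
        print(ip, "no outbound NACL:", target_reachable(SG_NLB_SUBNETS, NACL_IN_OK, NACL_OUT_MISSING, ip))
```

Run it and only the NLB-subnet rule set with a complete NACL pair reports True; the clients-only security group never matches because 10.0.x.x is not in 172.31.0.0/16, and a missing outbound ephemeral rule silently drops every reply even though the request was admitted, which is exactly the symptom "clients are unable to submit logs" with no obvious error on the instance.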