An architecture uses an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances. The security team requires that the EC2 instances only accept traffic from the ALB. How should the security groups be configured?

Answer options:

Configure the EC2 security group to allow inbound traffic from the ALB's IP addresses.

Configure the EC2 security group to allow inbound traffic on the application port, specifying the ALB's security group ID as the source.

Configure a Network ACL to block all traffic except from the ALB subnets.

Place the EC2 instances in a private subnet and the ALB in a public subnet.

How to approach this question

Look for security group referencing.

B.Configure the EC2 security group to allow inbound traffic on the application port, specifying the ALB's security group ID as the source.✓ Correct

Referencing the ALB's security group ID in the EC2 security group ensures only traffic routed through the ALB is accepted.

Trying to use IP addresses for an ALB, which scales dynamically.

75 questions · hints · full answers · grading