
Exam AWS Certified SysOps Administrator - Associate topic 1 question 323 discussion

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http://www.example.com.

A SysOps administrator reviews the VPC configuration and learns the following information:

• The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0
• The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0
• The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.
• The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0

Which action will allow the user to complete the curl request successfully?

  • A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.
  • B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
  • C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
  • D. Add an additional outbound security group rule for port 80 to the user's IP address.
Suggested Answer: C
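
The filtering path in the scenario can be modeled in a few lines. This is an added example, not part of the original question or of any AWS tooling; it applies each of the four options to the stated rules and checks whether the HTTP request and its reply get through. Assumptions: the outbound network ACL allows all traffic (the question does not describe it), the addresses and the ephemeral port are constructed placeholders, and rule matching is simplified to allow-only port/CIDR checks.

```python
import ipaddress

ANY = "0.0.0.0/0"
USER_IP = "203.0.113.10/32"   # constructed placeholder for "the user's IP address"
SERVER = "198.51.100.7"       # constructed placeholder for the web server
EPHEMERAL = 50000             # constructed client-side source port of the request

def allows(rules, port, peer):
    """True if any (low, high, cidr) allow rule covers the port and the peer."""
    addr = ipaddress.ip_address(peer)
    return any(lo <= port <= hi and addr in ipaddress.ip_network(cidr)
               for lo, hi, cidr in rules)

def scenario():
    """Rules as stated in the question; nacl_out is an assumption."""
    return {
        "sg_out":   [(443, 443, ANY)],
        "sg_in":    [(22, 22, USER_IP), (443, 443, USER_IP)],
        "nacl_in":  [(22, 22, ANY), (1024, 65535, ANY)],
        "nacl_out": [(0, 65535, ANY)],
    }

def curl_succeeds(cfg, dst_port=80):
    # 1. Request leaves the instance: SG outbound must allow the destination port.
    if not allows(cfg["sg_out"], dst_port, SERVER):
        return False
    # 2. Request leaves the subnet: the NACL is stateless and checked per direction.
    if not allows(cfg["nacl_out"], dst_port, SERVER):
        return False
    # 3. Reply enters the subnet addressed to the ephemeral port, not to port 80.
    if not allows(cfg["nacl_in"], EPHEMERAL, SERVER):
        return False
    # 4. Reply reaches the instance: the SG is stateful, so the reply to an
    #    allowed outbound flow needs no matching inbound rule.
    return True

OPTIONS = {  # option letter -> (rule table, rule to add)
    "A": ("nacl_in", (80, 80, ANY)),
    "B": ("sg_in",   (80, 80, ANY)),
    "C": ("sg_out",  (80, 80, ANY)),
    "D": ("sg_out",  (80, 80, USER_IP)),
}

def evaluate_options():
    results = {}
    for letter, (table, rule) in OPTIONS.items():
        cfg = scenario()
        cfg[table].append(rule)
        results[letter] = curl_succeeds(cfg)
    return results
```
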

Comments

koltysh
Highly Voted 1 year, 4 months ago
Where is Gomer?
upvoted 15 times
...
mh8
Highly Voted 1 year, 3 months ago
Selected Answer: C
C is correct as curl was being used to go to http and port 80 is not in the allowed outbound yet.
upvoted 5 times
...
Ramdi1
Most Recent 3 weeks ago
Selected Answer: C
The command curl http://www.example.com uses HTTP, which means it attempts to connect over port 80 (not 443, which is for HTTPS). The security group currently only allows outbound port 443, which is insufficient for HTTP traffic. To allow HTTP traffic to the internet (i.e., outbound port 80), the EC2 instance's security group needs a rule to allow outbound connections on port 80.
upvoted 1 times
...
Student013657
4 months, 4 weeks ago
Selected Answer: C
Security groups in AWS are stateful, which means that any outbound traffic that is allowed by the security group will automatically be allowed back in, regardless of the inbound security group rules. In this scenario, the key issue is that the outbound security group for the EC2 instance only allows outbound traffic on port 443, but the curl command is trying to access a website on port 80. This means that the response traffic from the website on port 80 will be blocked, even though the inbound security group allows port 80.
upvoted 1 times
...
Rhydian25
5 months, 2 weeks ago
Selected Answer: C
The curl command uses the HTTP protocol (port 80). There is no rule that allows outgoing traffic from port 80, so the traffic does not even leave the EC2 instance
upvoted 2 times
...
nosense
8 months ago
Selected Answer: A
A is right ACL - inbound and outbound SG - only inbound, by default outbound not monitoring
upvoted 1 times
...
james2033
8 months ago
Selected Answer: C
connect (outbound) to internet (0.0.0.0/0)
upvoted 1 times
...
r2c3po
10 months, 1 week ago
Selected Answer: A
In the given scenario, the user is trying to access a web server using the curl command with HTTP (port 80). The issue is likely related to the inbound network ACL rules that control the traffic coming into the subnet. The relevant information includes: The outbound route for CIDR 0.0.0.0/0 is properly configured through a NAT gateway, allowing outbound traffic. The outbound security group for the EC2 instance allows outbound traffic on port 443 to CIDR 0.0.0.0/0. The inbound security group for the EC2 instance allows inbound traffic on ports 22 and 443 from the user's IP address. The inbound network ACL for the subnet allows inbound traffic on ports 22 and the port range 1024-65535 from CIDR 0.0.0.0/0. However, there is no rule in the inbound network ACL allowing traffic on port 80 (HTTP). To resolve this issue, you should add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0. This will allow the user to access the web server using HTTP. Therefore, option A is the correct action to allow the user to complete the curl request successfully.
upvoted 2 times
...
callspace
1 year ago
Selected Answer: C
C it is. And it looks like @Gomer has already passed SysOps and abandoned the discussions 😉
upvoted 2 times
...
TwinSpark
1 year, 1 month ago
Selected Answer: C
C is correct, http=port80. we need to open an inbound for 80 in SG
upvoted 2 times
...
Zotarix
1 year, 3 months ago
I think the correct answer is A. - The NAT is ok. - We have outbound rule for 443 to 0.0.0.0/0 - We have inbound rule for port 22 and 443 (Security Groups are stateful if we allow the inbound traffic also allow the response (outbound) on the same port) - ACL are stateless which means we need to add a rule to allow the inbound and another for the outbound traffic on port 80.
upvoted 2 times
...
[Removed]
1 year, 3 months ago
The curl command is trying to access a website using HTTP, which uses port 80. The outbound security group for the EC2 instance currently only allows outbound traffic on port 443, which is used for HTTPS. To allow the user to complete the curl request successfully, an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0 should be added. So, the correct answer would be C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
upvoted 2 times
...
AWSALL3
1 year, 4 months ago
curl = outbound http:/www.example.com = port 80
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other