Which of the following are possible causes of this issue?
(Choose two.)
A network ACL associated with the bastion’s subnet is blocking the network traffic.
The instance does not have a private IP address.
The route table associated with the bastion’s subnet does not have a route to the internet gateway.
The security group for the instance does not have an inbound rule on port 22.
The security group for the instance does not have an outbound rule on port 3389.
Explanations:
A network ACL (NACL) could block traffic to and from the bastion host on the specified RDP port (3389), preventing the user from connecting over the internet. NACLs operate at the subnet level and can restrict traffic regardless of the instance’s security group rules.
Every EC2 instance, including a bastion host, must have a private IP address assigned to it, so this condition does not arise in practice. A missing private IP address would also not directly cause the RDP connectivity issue, which relates to access from the public internet.
If the route table associated with the bastion’s subnet does not contain a route to the internet gateway, the instance will not be reachable from the internet. Without this route, traffic cannot flow to and from the internet, blocking RDP connections.
The security group must have an inbound rule allowing traffic on port 3389 (the RDP port) for the user to connect. However, this option names port 22, which is the port for SSH, not RDP, so it is irrelevant to the issue described.
Outbound rules on the security group are not typically the cause of inbound connectivity issues. As long as there is an inbound rule allowing RDP, the user should be able to connect. Outbound rules are only necessary if the instance needs to respond to the connection or initiate outbound connections.