What should the SysOps administrator do to meet these requirements?
Add the following route to a route table for the subnets used by the instances: Destination: 0.0.0.0/0 Target: igw-xxxxxxxx
Ensure that the instances do not have Elastic IP addresses. Move the instances to a private subnet.
Enable enhanced networking on the instances. Move the instances to a private subnet.
Remove any routes that allow internet traffic from the route table associated with the instances’ subnets.
Explanations:
Adding a route to the internet gateway (igw-xxxxxxxx) allows the instances to send traffic to the internet, which violates the requirement of preventing IP leaks.
Ensuring that the instances have no Elastic IP addresses and moving them to a private subnet helps reduce direct access to the internet, but this is not the most effective control for the problem. Elastic IPs are typically used to allow outbound internet traffic, but instances in private subnets already have no direct internet access unless explicitly configured.
Enhanced networking improves performance, but it does not directly address the problem of preventing internet access. Moving instances to a private subnet is useful but is only part of the solution.
Removing routes that allow internet traffic from the route table ensures that instances cannot send traffic to the internet, effectively addressing the security concern.