Which AWS resource or service will meet this requirement?

By: study aws cloud

Tagged: Cloud Practitioner

With: 2 Comments

A company created an Amazon EC2 instance.The company wants to control the incoming and outgoing network traffic at the instance level.

Which AWS resource or service will meet this requirement?

AWS Shield

Security groups

Network Access Analyzer

VPC endpoints

Explanations:

AWS Shield is primarily a DDoS protection service. It does not control network traffic at the instance level but rather helps protect applications from distributed denial-of-service attacks.

Security groups act as virtual firewalls for Amazon EC2 instances, allowing you to control the incoming and outgoing traffic based on specified rules. They operate at the instance level and provide the necessary control over network traffic.

Network Access Analyzer helps identify and analyze the access permissions and configurations of AWS resources, but it does not control traffic directly. It is more focused on security auditing rather than traffic management.

VPC endpoints allow private connections between VPCs and supported AWS services without requiring public IP addresses. While they enhance connectivity, they do not directly control network traffic at the instance level.

Previous Post: How should the developer support the new access pattern in the MOST operationally efficient way?

Next Post: Which combination of steps should a database specialist take to meet these requirements?

2 Comments

Author

My best guess is:
Security groups

Jonathan

7 months ago

Permalink

Reply
Author

I estimate that the answer is:
Security groups

Betty

1 month ago

Permalink

Reply

Leave a Reply Cancel reply