What change should the systems administrator make to the existing build fleet to comply with this new requirement?
Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.
Explanations:
Moving all EC2 instances behind a NAT gateway ensures that all outbound traffic, including build uploads to the third-party service, originates from the NAT gateway’s Elastic IP address. This single IP can then be provided to the service’s allow list, meeting the requirement.
An internet gateway allows multiple EC2 instances to access the internet directly, meaning that each instance would use its own public IP address. This setup would not comply with the requirement for a single IP address for uploads.
An Availability Zone is not associated with a single IP address; rather, it contains multiple resources across various subnets and instances. This option does not provide a means to ensure a single outgoing IP address for build uploads.
Peering a VPC does not change the public IP addresses of the EC2 instances. The instances would still use their individual public IP addresses for outbound traffic unless routed through a NAT gateway. Therefore, this option does not comply with the requirement.