What would resolve the connectivity issue?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A Software Engineer is trying to figure out why network connectivity to an Amazon EC2 instance does not appear to be working correctly.Its security group allows inbound HTTP traffic from 0.0.0.0/0, and the outbound rules have not been modified from the default.A custom network ACL associated with its subnet allows inbound HTTP traffic from 0.0.0.0/0 and has no outbound rules.

What would resolve the connectivity issue?

The outbound rules on the security group do not allow the response to be sent to the client on the ephemeral port range.

The outbound rules on the security group do not allow the response to be sent to the client on the HTTP port.

An outbound rule must be added to the network ACL to allow the response to be sent to the client on the ephemeral port range.

An outbound rule must be added to the network ACL to allow the response to be sent to the client on the HTTP port.

Explanations:

The issue is not with the outbound rules on the security group preventing responses on ephemeral ports, but rather with the network ACL not allowing the response.

The outbound rules on the security group do not need to specifically allow traffic on HTTP ports. The issue lies with the outbound network ACL not allowing traffic.

The network ACL lacks outbound rules, so a response cannot be sent back to the client. An outbound rule for the ephemeral port range (1024–65535) is required.

The HTTP port is already allowed by the security group, and network ACLs do not need outbound rules for HTTP specifically in this case. The issue is with ephemeral ports.

2025-10-13

1 Comment

  1. Aaron
    Author

    I assess that the answer is:
    An outbound rule must be added to the network ACL to allow the response to be sent to the client on the ephemeral port range.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 5 =