A company has multiple applications and is now building a new multi-tier application.The company will host the new application on Amazon EC2 instances.The company wants the network routing and traffic between the various applications to follow the security principle of least privilege.
Which AWS service or feature should the company use to enforce this principle?
Security groups
AWS Shield
AWS Global Accelerator
AWS Direct Connect gateway
Explanations:
Security groups allow the company to define inbound and outbound rules at the instance level, enforcing least privilege effectively.
AWS Shield is a managed DDoS protection service and does not control network routing or traffic privileges between applications.
AWS Global Accelerator improves application performance by routing traffic globally but does not enforce security policies.
AWS Direct Connect gateway provides private connectivity to AWS from on-premises but does not control network access within AWS.
I guess:
Security groups
From what I’ve seen, the answer is:
Security groups