Which combination of configurations of the security group that is associated with the ALB will meet these requirements?
(Choose three.)
Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
Allow all outbound traffic to 0.0.0.0/0 for port 443.
Allow HTTPS outbound traffic to the web application instances for port 443.
Allow HTTPS inbound traffic from the web application instances for port 443.
Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
Allow HTTPS inbound traffic from the web application instances for the health check on port 8443.
Explanations:
The ALB needs to receive HTTPS traffic from the internet on port 443, so inbound traffic from 0.0.0.0/0 for port 443 is required.
Outbound traffic to 0.0.0.0/0 on port 443 is not required for the ALB as it only needs to receive inbound traffic from clients.
The ALB must send HTTPS traffic to the web application servers on port 443, so outbound HTTPS traffic to port 443 on the EC2 instances is needed.
The web application instances do not need to allow HTTPS inbound traffic on port 443 from the ALB; they only need to accept it on port 443 from the ALB, not from themselves.
The ALB performs health checks over HTTPS on port 8443, so it needs to send outbound HTTPS traffic to the EC2 instances on port 8443 for health checking.
The web application instances do not need to allow HTTPS inbound traffic from each other for health checks on port 8443; the ALB is performing the checks, not the instances themselves.
As far as I’m aware, the answer is:
Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.