You have a Virtual Private Cloud (VPC) and want to allow public internet access to instances in a public subnet. Which option correctly attaches an Internet Gateway to the VPC?
Remember, Internet Gateways attach to VPCs, not subnets. Public access requires routing traffic through the Internet Gateway.
Internet Gateways must be attached to the VPC. Then, the route table for the public subnet must have a route directing all internet-bound traffic (0.0.0.0/0) to the Internet Gateway. Attaching to subnets or skipping route updates will not enable internet access.
You have attached an Internet Gateway and updated the route table for a public subnet. What security group rule is required to allow inbound HTTP traffic from the internet to an EC2 instance?
HTTP uses TCP port 80, and inbound traffic must be allowed from anywhere for public access.
To allow public HTTP access, the security group must allow inbound TCP traffic on port 80 from all IP addresses (0.0.0.0/0). Port 22 is for SSH, outbound rules do not control inbound access, and UDP is not used for HTTP.
You have a subnet with a route table directing 0.0.0.0/0 traffic to an Internet Gateway, but the Internet Gateway is not attached to the VPC. What will happen when an instance in this subnet tries to access the internet?
Routes to an Internet Gateway require the gateway to be attached to the VPC to function.
Even if the route table points to an Internet Gateway, if the gateway is not attached to the VPC, traffic cannot flow through it. This prevents internet access.
Which Terraform snippet correctly creates and attaches an Internet Gateway to a VPC named 'main-vpc'?
Terraform resource attributes are case-sensitive and must match resource names exactly.
The correct attribute is 'vpc_id' with the exact resource name 'aws_vpc.main_vpc.id'. Using dashes in resource names is invalid in Terraform identifiers.
You have a VPC spanning multiple Availability Zones (AZs). What is the best practice to ensure high availability of internet access for public subnets in all AZs?
Internet Gateways are regional and attached to the VPC, not per AZ or subnet.
An Internet Gateway is a horizontally scaled, redundant, and highly available component that attaches to the VPC. One Internet Gateway serves all AZs in the VPC. Creating multiple Internet Gateways or attaching them to subnets is not supported.