Learn which AWS resources are essential to convert a subnet into a public subnet in a VPC. Understand the roles of an Internet Gateway and Route Tables for AWS Cloud Practitioner CLF-C02 certification.
Table of Contents
Question
A company has set up a VPC in its AWS account and created a subnet in the VPC. The company wants to make the subnet public. Which AWS resources should the company use to meet this requirement? (Select TWO.)
A. Amazon VPC internet gateway
B. Amazon VPC NAT gateway
C. Amazon VPC route tables
D. Amazon VPC network ACLs
E. Amazon EC2 security groups
Answer
A. Amazon VPC internet gateway
C. Amazon VPC route tables
Explanation
To make a subnet public, the company needs to use an Amazon VPC internet gateway and configure appropriate route tables.
To make a subnet public in an Amazon Virtual Private Cloud (VPC), two critical AWS resources are required:
Amazon VPC Internet Gateway (IGW)
- An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between resources in your VPC and the internet.
- To make a subnet public, you must attach an Internet Gateway to your VPC. This enables outbound traffic from the subnet to reach the internet and allows inbound traffic from the internet to reach the subnet’s resources if proper security rules are configured.
Amazon VPC Route Tables
- A route table determines how network traffic is directed within your VPC. For a subnet to be public, its associated route table must include a route that directs traffic destined for external IP addresses (e.g., 0.0.0.0/0) to the Internet Gateway attached to the VPC.
- Without this route, even if an Internet Gateway is attached, the subnet will not have internet connectivity.
Explanation of Incorrect Options
B. Amazon VPC NAT Gateway:
A NAT Gateway is used to allow instances in private subnets to access the internet without exposing them to inbound internet traffic. It is not required for making a subnet public.
D. Amazon VPC Network ACLs:
Network ACLs are optional security layers that control inbound and outbound traffic at the subnet level but do not determine whether a subnet is public or private.
E. Amazon EC2 Security Groups:
Security groups control access at the instance level but do not influence whether a subnet is public or private.
By using an Internet Gateway and configuring appropriate routes in the Route Table, you can successfully make your AWS subnet public and enable internet connectivity for its resources.
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.