Learn how to troubleshoot and resolve connectivity issues in AWS PrivateLink and Network Load Balancer (NLB) for a centralized logging service. Ensure secure and efficient communication between clients and the logging service.
Question
A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service.
In each AWS account with a client, an interface endpoint has been created for the logging service and is available. The logging service, running on EC2 instances behind a Network Load Balancer (NLB), is deployed in subnets different from the NLB's subnets. The clients are unable to submit logs using the VPC endpoint.
Which combination of steps should a solutions architect take to resolve this issue? (Choose two.)
A. Check that the NACL is attached to the logging service subnet to allow communications to and from the NLB subnets. Check that the NACL is attached to the NLB subnet to allow communications to and from the logging service subnets running on EC2 instances.
B. Check that the NACL is attached to the logging service subnets to allow communications to and from the interface endpoint subnets. Check that the NACL is attached to the interface endpoint subnet to allow communications to and from the logging service subnets running on EC2 instances.
C. Check the security group for the logging service running on the EC2 instances to ensure it allows ingress from the NLB subnets.
D. Check the security group for the logging service running on EC2 instances to ensure it allows ingress from the clients.
E. Check the security group for the NLB to ensure it allows ingress from the interface endpoint subnets.
Answer
A. Check that the NACL is attached to the logging service subnet to allow communications to and from the NLB subnets. Check that the NACL is attached to the NLB subnet to allow communications to and from the logging service subnets running on EC2 instances.
C. Check the security group for the logging service running on the EC2 instances to ensure it allows ingress from the NLB subnets.
Explanation
The key to this question is where the PrivateLink boundary sits. The interface endpoint in each client account is an elastic network interface in the client's own VPC; PrivateLink carries its traffic to the NLB that fronts the endpoint service in the provider VPC. Nothing from the client VPC (its CIDRs, its endpoint subnets) is visible on the provider side. The NLB nodes live in the NLB subnets, and because client IP preservation is not supported for PrivateLink traffic, the logging service instances see every connection as coming from the private IP addresses of those NLB nodes. (If the service needs to know which client sent a log, enable Proxy Protocol v2 on the NLB, which prepends the original source address and the VPC endpoint ID to each connection.) That leaves exactly two provider-side controls that can break the path once the endpoint itself is available.
Option A is correct. Network ACLs are stateless and are evaluated per subnet, lowest rule number first, so both subnets need both directions: the NLB subnets' NACL must allow outbound to the logging service subnets on the target port and inbound from them on the ephemeral port range (1024-65535) for return traffic, and the logging service subnets' NACL must allow inbound from the NLB subnets on the target port and outbound to them on the ephemeral range.
Option C is correct. The security group on the logging service EC2 instances must allow ingress on the target port from the NLB subnet CIDRs (or the NLB nodes' private IP addresses), since that is the source address the instances actually see.
Option B is incorrect. The interface endpoint subnets belong to the client VPCs; a NACL in the provider VPC never sees traffic from those address ranges, so rules referencing them have no effect on this path.
Option D is incorrect. The instances do not receive connections from the clients' addresses; allowing the clients in the security group would not admit the traffic that actually arrives from the NLB.
Option E is incorrect. Network Load Balancers did not support security groups when this question was written, and PrivateLink traffic does not arrive at the NLB from the interface endpoint subnets' addresses in any case.
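The two checks behind options A and C can be expressed as an offline evaluator over the rule sets returned by the EC2 API. The block below is an added example written for this page, not code from the original page or from AWS; every subnet CIDR, rule, ID and the service port (514/tcp) are constructed assumptions, and the dictionaries mirror the shape of DescribeSecurityGroups and DescribeNetworkAcls output. It flags a target security group that only admits one of the two NLB subnets, and a low-numbered NACL deny on the NLB subnets that blocks return traffic from one logging service subnet despite a broader allow rule behind it.

```python
"""Offline checker for the provider-side PrivateLink path:
NLB subnets <-> logging service (target) subnets.
Constructed example data; not the page's or AWS's own code."""
import ipaddress

SERVICE_PORT = 514                                  # assumed target port (syslog/TCP)
EPHEMERAL = (1024, 65535)                           # NLB source ports for return traffic
NLB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]        # constructed
TARGET_SUBNETS = ["10.0.11.0/24", "10.0.12.0/24"]   # constructed

# Target security group, inbound rules. Bug: only one NLB subnet is allowed,
# so connections from NLB nodes in 10.0.2.0/24 are dropped.
TARGET_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 514, "ToPort": 514,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
]
FIXED_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 514, "ToPort": 514,
     "IpRanges": [{"CidrIp": c} for c in NLB_SUBNETS]},
]

# NACLs are stateless (each direction needs its own allow) and the lowest
# RuleNumber that matches wins. Egress False = inbound to the subnet.
TARGET_NACL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 514, "To": 514}},
    {"RuleNumber": 110, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]
# NLB-subnet NACL. Bug: rule 90 denies return traffic from 10.0.12.0/24 and is
# evaluated before the broad allow at rule 100.
NLB_NACL = [
    {"RuleNumber": 90, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "10.0.12.0/24", "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 514, "To": 514}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]
FIXED_NLB_NACL = [r for r in NLB_NACL if r["RuleNumber"] != 90]


def sg_allows(ingress_rules, src_cidr, port, proto="tcp"):
    """Security groups are stateful allow-lists: any matching rule admits the flow."""
    src = ipaddress.ip_network(src_cidr)
    for r in ingress_rules:
        if r["IpProtocol"] not in (proto, "-1"):
            continue
        if r["IpProtocol"] != "-1" and not (r["FromPort"] <= port <= r["ToPort"]):
            continue
        if any(src.subnet_of(ipaddress.ip_network(ip["CidrIp"])) for ip in r.get("IpRanges", [])):
            return True
    return False


def nacl_allows(entries, egress, remote_cidr, lo, hi, proto="6"):
    """True only if every port in [lo, hi] is allowed by the first matching
    rule in this direction. A rule that covers only part of remote_cidr is
    treated as a failure (it decides differently for different hosts)."""
    remote = ipaddress.ip_network(remote_cidr)
    pending = [(lo, hi)]                      # port intervals no rule has decided yet
    for rule in sorted(entries, key=lambda r: r["RuleNumber"]):
        if rule["Egress"] != egress or rule["Protocol"] not in (proto, "-1"):
            continue
        rule_net = ipaddress.ip_network(rule["CidrBlock"])
        if not rule_net.overlaps(remote):
            continue
        if not remote.subnet_of(rule_net):
            return False
        pr = rule.get("PortRange", {"From": 0, "To": 65535})   # "-1" rules have no ports
        still = []
        for a, b in pending:
            x, y = max(a, pr["From"]), min(b, pr["To"])
            if x > y:                         # rule does not touch this interval
                still.append((a, b))
                continue
            if rule["RuleAction"] == "deny":  # first match on any port is a deny
                return False
            if a < x:
                still.append((a, x - 1))
            if y < b:
                still.append((y + 1, b))
        pending = still
        if not pending:
            return True
    return False                              # leftover ports hit the implicit deny


def diagnose(sg_ingress, target_nacl, nlb_nacl):
    """Return human-readable findings for the NLB -> target path (empty = healthy)."""
    findings = []
    lo, hi = EPHEMERAL
    for nlb in NLB_SUBNETS:
        if not sg_allows(sg_ingress, nlb, SERVICE_PORT):
            findings.append(f"SG: no ingress tcp/{SERVICE_PORT} from NLB subnet {nlb}")
        if not nacl_allows(target_nacl, False, nlb, SERVICE_PORT, SERVICE_PORT):
            findings.append(f"target NACL: inbound tcp/{SERVICE_PORT} from {nlb} blocked")
        if not nacl_allows(target_nacl, True, nlb, lo, hi):
            findings.append(f"target NACL: outbound ephemeral {lo}-{hi} to {nlb} blocked")
    for tgt in TARGET_SUBNETS:
        if not nacl_allows(nlb_nacl, True, tgt, SERVICE_PORT, SERVICE_PORT):
            findings.append(f"NLB NACL: outbound tcp/{SERVICE_PORT} to {tgt} blocked")
        if not nacl_allows(nlb_nacl, False, tgt, lo, hi):
            findings.append(f"NLB NACL: inbound ephemeral {lo}-{hi} from {tgt} blocked")
    return findings


if __name__ == "__main__":
    for line in diagnose(TARGET_SG_INGRESS, TARGET_NACL, NLB_NACL) or ["path is clean"]:
        print(line)
```

Running it against the constructed rules reports the missing security group entry for 10.0.2.0/24 and the NLB-subnet NACL deny on return traffic from 10.0.12.0/24; with the corrected security group and the deny rule removed, it reports nothing. Note that the checker deliberately says nothing about the interface endpoint subnets: those CIDRs belong to the client VPCs and never appear in the provider VPC's rules, which is why options B, D and E cannot fix this path.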
Practice question and answer, with explanation, for the Amazon AWS Certified Solutions Architect – Professional (SAP-C02) exam.