AWS VPC Management Network Setup for Secure Webserver with Selective SSH Access


Question

An organization is planning to set up a management network on the AWS VPC.

The organization is trying to secure the webserver on a single VPC instance such that it allows the internet traffic as well as the back-end management traffic.

The organization wants to make sure that the back-end management network interface can receive SSH traffic only from a selected IP range, while the internet-facing webserver will have an IP address which can receive traffic from all internet IPs. How can the organization achieve this by running the web server on a single instance?

Answers

A. It is not possible to have 2 IP addresses for a single instance.

B. The organization should create 2 network interfaces, one for the internet traffic and the other for the backend traffic.

C. The organization should create 2 EC2 instances as this is not possible with one EC2 instance.

D. This is not possible.

Explanations

Answer - B.

An elastic network interface (ENI, referred to simply as a network interface in the AWS documentation) is a virtual network interface that you can attach to an instance in a VPC.

Network interfaces are available only for instances running in a VPC. A network interface can include the following attributes:

· A primary private IPv4 address.

· One or more secondary private IPv4 addresses.

· One Elastic IP address (IPv4) per private IPv4 address.

· One public IPv4 address.

· One or more IPv6 addresses.

· One or more security groups.

· A MAC address.

· A source/destination check flag.

· A description.

For more information on ENIs, please refer to the link below:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Option A: "It is not possible to have 2 IP addresses for a single instance" This statement is incorrect. A single EC2 instance can hold multiple IP addresses, both as secondary private IPv4 addresses on one interface and by attaching additional network interfaces, each with its own addresses. Therefore, this option can be eliminated.

Option B: "The organization should create 2 network interfaces, one for the internet traffic and the other for the backend traffic" This option is correct. An instance can have more than one ENI attached, and each ENI has its own private IP address, sits in its own subnet, and carries its own security groups. The internet-facing ENI is placed in a public subnet, given an Elastic IP, and attached to a security group that allows HTTP/HTTPS from 0.0.0.0/0 and nothing else. The management ENI is placed in the management (private) subnet and attached to a security group whose only inbound rule allows TCP port 22 from the selected IP range. Because security groups are evaluated per network interface, an SSH attempt from the internet is dropped at the public ENI even though the same instance accepts SSH on the management ENI. Both subnets must be in the same Availability Zone as the instance, since an ENI can only be attached to an instance in its own AZ.

Option C: "The organization should create 2 EC2 instances as this is not possible with one EC2 instance" This option is incorrect. The requirement can be met on one instance, so the premise that it is "not possible with one EC2 instance" is false. Running a second instance would also double the compute cost and administrative overhead for no gain, because the separation the organization wants comes from per-interface security groups, not from separate hosts.

Option D: "This is not possible." This option is incorrect. It is possible to achieve the desired configuration with a single EC2 instance and multiple network interfaces.

Therefore, the correct answer is B, "The organization should create 2 network interfaces, one for the internet traffic and the other for the backend traffic."
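The following Terraform configuration is an added example of the Option B design; it is not part of the original page and is not the organization's own configuration. It assumes an existing VPC and two subnets in the same Availability Zone, passed in as the hypothetical variables vpc_id, public_subnet_id, mgmt_subnet_id, mgmt_cidr (the selected management IP range) and ami_id, and it assumes AWS provider v5 or later (the aws_eip "domain" argument).

```hcl
# Added example (not from the original page): one EC2 instance, two ENIs,
# each ENI in its own subnet with its own security group.
# Assumed inputs; the values are hypothetical and supplied by the caller.
variable "vpc_id" {
  type = string
}
variable "public_subnet_id" {
  type = string # public subnet, same AZ as mgmt_subnet_id
}
variable "mgmt_subnet_id" {
  type = string # management subnet, same AZ as public_subnet_id
}
variable "mgmt_cidr" {
  type = string # selected management range, e.g. "203.0.113.0/24" (documentation range)
}
variable "ami_id" {
  type = string
}

# Internet-facing interface: web ports open to the world, no SSH rule at all.
resource "aws_security_group" "web" {
  name        = "web-public"
  description = "HTTP/HTTPS from anywhere; no SSH"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # Outbound access for package updates and similar.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Management interface: SSH only from the selected range. No egress block is
# declared, so Terraform removes the AWS default allow-all egress rule; because
# security groups are stateful, replies to permitted SSH sessions still flow,
# but the instance cannot initiate new connections out of this interface.
resource "aws_security_group" "mgmt" {
  name        = "web-mgmt"
  description = "SSH from the management range only"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.mgmt_cidr]
  }
}

resource "aws_network_interface" "web" {
  subnet_id       = var.public_subnet_id
  security_groups = [aws_security_group.web.id]
}

resource "aws_network_interface" "mgmt" {
  subnet_id       = var.mgmt_subnet_id
  security_groups = [aws_security_group.mgmt.id]
}

# Both ENIs are attached at launch; device_index 0 is the primary interface.
resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = "t3.micro"

  network_interface {
    network_interface_id = aws_network_interface.web.id
    device_index         = 0
  }
  network_interface {
    network_interface_id = aws_network_interface.mgmt.id
    device_index         = 1
  }
}

# The public address is bound to the internet-facing ENI only.
resource "aws_eip" "web" {
  domain            = "vpc"
  network_interface = aws_network_interface.web.id
}

output "public_ip" {
  value = aws_eip.web.public_ip
}
output "mgmt_private_ip" {
  value = aws_network_interface.mgmt.private_ip
}
```

Two operating-system details matter once this is deployed. First, a second ENI in a different subnet needs policy routing inside the guest so that replies to SSH sessions leave through the management interface rather than the default route; Amazon Linux configures this automatically through ec2-net-utils, while other distributions need explicit ip rule / ip route entries for the second interface. Second, as defense in depth, sshd can be bound to the management interface's private address with ListenAddress, so that even a misconfigured security group on the public ENI exposes nothing on port 22.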