A user has created an ELB with three instances. How many security groups will ELB create by default?
A. 3
B. 5
C. 2
D. 1
Explanation:
Elastic Load Balancing provides a special Amazon EC2 source security group that the user can
use to ensure that back-end EC2 instances receive traffic only from Elastic Load Balancing. This
feature needs two security groups: the source security group and a security group that defines the
ingress rules for the back-end instances. To ensure that traffic flows only between the load
balancer and the back-end instances, the user can add or modify a rule in the back-end security
group that limits ingress traffic so that it can come only from the source security group
provided by Elastic Load Balancing.
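The restriction described in the explanation can be checked offline against exported security group rules. The following is an added example, not part of the original page or any AWS tooling: the function names, group IDs and ports (80 as the listener's instance port, 8080 as the health check port) are constructed assumptions, and only group and CIDR sources are inspected.

```python
# Added example: offline audit of a back-end security group.
# Dicts follow the shape of `aws ec2 describe-security-groups` output;
# every ID, port and rule below is constructed sample data.
ELB_SG = "sg-0elb0000000000001"  # constructed: the load balancer's group

WEAK_SG = {"GroupId": "sg-0app0000000000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG}]},
    # Health check port opened to the world instead of to the ELB group.
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]}

FIXED_SG = {"GroupId": "sg-0app0000000000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG}]}
    for p in (80, 8080)
]}

def covers(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_backend(group, elb_sg, ports):
    """Return (ports with no rule naming elb_sg, (port, source) pairs that bypass it)."""
    missing, exposed = [], []
    for port in ports:
        via_elb = False
        for perm in group["IpPermissions"]:
            if not covers(perm, port):
                continue
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] == elb_sg:
                    via_elb = True
                else:
                    exposed.append((port, pair["GroupId"]))
            for rng in perm.get("IpRanges", []):
                exposed.append((port, rng["CidrIp"]))
            for rng in perm.get("Ipv6Ranges", []):
                exposed.append((port, rng["CidrIpv6"]))
        if not via_elb:
            missing.append(port)
    return missing, exposed

print(audit_backend(WEAK_SG, ELB_SG, [80, 8080]))
```

A back-end group passes when both lists are empty: every listener and health check port is reachable through the load balancer's group and through nothing else.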
D
D
I believe that is C, 2 security groups.
C
The correct answer is D. ELB creates only 1 security group for itself. The security groups of the instances are created at EC2 instance launch time.
D
Answer is C to pass certification
D
I went to the console and created the setup. Had to launch 3 instances first, you can select all defaults and console will create sec grp launch-xyz or can use vpc default sec grp by selecting it. Then I created ELB to point to 3 instances and you can select existing sec grp vpc-default or launch-xyz, to select existing sec grp is the default setting. You can create one, which you have to select to do. Technically, you can add rules to existing sec grp and need to create 0, but given it’s best practice to have one for ELB and one for instances I’m in favor of Answer D, where we create one sec grp for the ELB during ELB creation.
Also, there’s this:
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html
[Default VPC] If you use the AWS CLI or API to create a load balancer in your default VPC, you can’t choose an existing security group for your load balancer. Instead, Elastic Load Balancing provides a security group with rules to allow all traffic on the ports specified for the load balancer. Elastic Load Balancing creates only one such security group per AWS account, with a name of the form default_elb_id (for example, default_elb_fc5fbed3-0405-3b7d-a328-ea290EXAMPLE). Subsequent load balancers that you create in the default VPC also use this security group.
The question seems to be incomplete though b/c it doesn’t tell us enough details, for instance how many the ELB “needs” by default vs how many ELB “creates” by default OR whether it’s creating to EC2-Classic or EC2-VPC, which changes things as well.
Either way this is true:
In both EC2-Classic and in a VPC, you must ensure that the security groups for your instances allow the load balancer to communicate with your instances on both the listener port and the health check port. In a VPC, your security groups and network access control lists (ACL) must allow traffic in both directions on these ports.
Answer D makes sense.
The correct answer is D. ELB creates only 1 security group for itself. The security groups of the instances are created at EC2 instance launch time.
This question may mean that three instances were launched by ELB using auto scaling; then the answer will be C, it will create 2 security groups.