AWS Solutions Architect Associate Practice Test

What could be a cause for timing out when accessing an EC2 instance through a load balancer's DNS name?

• A. Load balancer in public subnet with IGW
• B. Instances lack private IP addresses
• C. Security groups or ACLs misconfigured
• D. Load balancer in private subnet

The correct answer is: Security groups or ACLs misconfigured

The cause of timing out when accessing an EC2 instance through a load balancer's DNS name can often be attributed to issues with security groups or network ACLs (Access Control Lists). These elements control the inbound and outbound traffic to the EC2 instances and load balancers, and if they are misconfigured, they can prevent successful communication. For example, if the security group attached to the load balancer does not allow incoming traffic on the expected ports (like HTTP or HTTPS), or if the security group for the EC2 instances does not allow traffic from the load balancer, clients will not be able to connect to the instances through the load balancer, resulting in a timeout. In contrast, if a load balancer is placed in a public subnet with an Internet Gateway (IGW), it would typically have the ability to route traffic from the internet to the instances, assuming proper configurations are in place. Instances can have private IP addresses and still be accessible if routing and security settings allow it, and having a load balancer in a private subnet is not inherently an issue, provided that the architecture is designed correctly with appropriate routing and security rules to allow access. Thus, issues with security groups or ACLs are key factors when it comes to connectivity