You work as an architect for a company. An application is going to be deployed on a set of EC2 instances in a VPC. The Instances will be hosting a web application. You need to design the security group to ensure that users have the ability to connect from the Internet via HTTPS. Which of the following needs to be configured for the security group?

Answer options:

A.Allow Inbound access on port 443 for 0.0.0.0/0
B.Allow Outbound access on port 443 for 0.0.0.0/0
C.Allow Inbound access on port 80 for 0.0.0.0/0
D.Allow Outbound access on port 80 for 0.0.0.0/0

Answer – A
The AWS Documentation mentions the following.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don`t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.AWS Security groups are stateful. It means that you do not need to open the outbound for responses - open only inbound for requests. If you think your instances will be sending requests to certain IPs (for example: to upgrade/install a package), then you need to open the IP/port for that request. By default, it is open for all traffic.
Option B is incorrect since security groups are stateful. You don’t need to define the rule for outbound traffic.
Options C and D are incorrect since you need to ensure access for HTTPS. Hence you should not configure rules for port 80.
For more information on security groups, please visit the below URL-
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html