Which of the following is a correct statement concerning ECS instances when accessing the Amazon ECS service endpoint?
Choose 2 options.

Answer options:

A.Create an Interface VPC Endpoint for ECS service and attach to VPC subnet’s route table in which ECS instances are running.
B.ECS intances are launched with ECS-optimized AMI which contains an inbuilt mechanism to communicate with ECS service endpoints through AWS network.
C.Container instances have public IP addresses.
D.AWS service endpoints are accessible internally across VPCs. You need to enable IAM role access on the service which needs to be accessed.

Answer: A and C
The container agent runs on each infrastructure resource within an Amazon ECS cluster. It sends information about the resource`s current running tasks and resource utilization to Amazon ECS, and starts and stops tasks whenever it receives a request from Amazon ECS.
Refer page 328 on the below link:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-dg.pdf
Option A is correct.ECS supports interface VPC endpoints.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/vpc-endpoints.html
 https://aws.amazon.com/blogs/aws/aws-privatelink-update-vpc-endpoints-for-your-own-applications-services/
Option B is not correct. Any network communication in/out of VPC must follow the rules defined on route tables, Network ACLs and Security Groups. Any external communication (internet facing or AWS service endpoints) must either go through Internet Gateway, NAT Gateway or VPC Endpoints (if applicable).
Option C is correct because this container instance can communicate with the Amazon ECS service endpoint with its public IP address.
For more information on traffic between VPC and outside networks, refer to documentation here.
https://aws.amazon.com/premiumsupport/knowledge-center/connect-vpc/
Option D is not a valid statement. Refer to the above documentation.