Home › AWS SysOps Associate › cloudcomputing › sysopsdeployment › A new EC2 launch in a private subnet repeatedly …
A new EC2 launch in a private subnet repeatedly fails to download a yum package. The instance has internet egress through a NAT Gateway. Most likely cause?
AThe Region is incorrect
BThe instance's CPU is too slow
CThe instance's security group or NACL is blocking outbound HTTPS (443) — packages won't fetch over a blocked port
DThe CloudWatch agent is unhealthy
Answer & Solution
Correct answer: C. The instance's security group or NACL is blocking outbound HTTPS (443) — packages won't fetch over a blocked port
Outbound 443 is required for yum/dnf to fetch packages from repositories. SG (stateful) and/or NACL (stateless) often block this in tight environments. Other options don't cause that specific failure.
Related questions
Which rollout strategy minimises blast radius when shipping a risky change to a fleet of EWhich feature of AWS Resource Access Manager (RAM) lets one account share resources like sA CloudFormation stack fails midway with an `IAM role doesn't have permission` error and lWhich AWS service lets a team package and version their own internal application configuraWhich CloudFormation feature lets you reference a value created in one stack from another Which combination correctly provisions a centrally-managed multi-account landing zone for Which AWS Systems Manager capability lets administrators run a documented automation sequeAn organisation needs to deploy a new version of a web app to 100 EC2 instances behind an