Thanks for your feedback.
You’re understanding is partially correct. In the scenario, the group of EC2 instances is both acting as a server and a client. For the instances to call APIs, the NACL inbound-outbound configuration should be reversed, meaning ephemeral ports must be set in the inbound and 80,443 in the outbound. However, in the scenario, the instances are “failing as a server” since its clients were not able to access it over the internet, hence the correct answer.
I understand it can be confusing. We’ll clarify the requirements better.
Let me know if this helps.
Carlo @ Tutorials Dojo