A company deploys a two-tier web application in a VPC. The web tier uses an Auto Scaling group in public subnets across multiple Availability Zones. The database tier is an Amazon RDS for MySQL DB instance in private subnets. The web tier cannot connect to the database, though the DB is running. Network ACLs, security groups, and route tables are still at their default settings. What should a solutions architect recommend to fix the application?
Choose an answer
Tap an option to check your answer.
Correct answer: Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tiers security group..
Why this is the answer
The correct solution is to add an inbound rule to the database tier's security group. By default, security groups deny all inbound traffic. To allow the web tier to connect to the database, an inbound rule must be added to the RDS security group, permitting traffic from the web tier's security group. This is a best practice for allowing communication between application tiers within a VPC, as it dynamically adjusts to changes in the web tier's EC2 instances. The other options are incorrect because: Network ACLs, by default, allow all inbound and outbound traffic. Modifying them is not necessary here and would be a less granular control than security groups. Route tables in a VPC automatically handle routing between subnets within the same VPC. No explicit route is needed for direct communication between subnets. Deploying into separate VPCs and using VPC peering is an overly complex solution for communication within the same application in the same VPC.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed