A company plans to deploy a new public web application on AWS. The application has a web server tier that runs on Amazon EC2 instances and a database tier that uses an Amazon RDS for MySQL DB instance. The application must be secure and accessible to global customers who have dynamic IP addresses. How should a solutions architect configure the security groups to meet these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers..
Why this is the answer
The correct option allows global customers with dynamic IP addresses to access the web application securely. Allowing inbound traffic on port 443 (HTTPS) from 0.0.0.0/0 on the web server security group enables anyone on the internet to reach the web servers. This is appropriate for a public web application. For the database tier, restricting inbound traffic on port 3306 (MySQL) to only the security group of the web servers ensures that only the application servers can connect to the database, preventing direct