Learn AWS best practices for configuring a Virtual Private Cloud (VPC) with EC2 instances and RDS databases. Secure your application by placing resources in the appropriate subnets.
Question
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?
A. Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.
B. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.
C. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.
D. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
Answer
D. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
Explanation
The correct response option is: Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.
- Public subnets contain resources that need to be accessible by the public, such as an online store’s website.
- Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.
In a well-architected VPC configuration, resources are placed into public and private subnets based on whether they need to be accessible from the public internet.
Public subnets are used for resources that need to be accessible from the internet, such as the customer-facing website running on EC2 instances. The EC2 instances in the public subnet can have public IP addresses and be directly reachable from the internet via an internet gateway.
Private subnets are used for resources that should not be directly accessible from the internet, such as databases containing sensitive information. The RDS instances storing customer personal information should be placed in a private subnet. They do not have public IP addresses and cannot be accessed directly from the internet. Access to the RDS instances can be controlled through security groups and network access control lists (ACLs).
Placing the EC2 instances in a public subnet and the RDS databases in a private subnet allows the website to be accessed by customers over the internet while keeping the database protected. The EC2 instances can communicate with the RDS instances in the private subnet, but the databases are not directly exposed.
The other configurations are not recommended because:
- Placing RDS in a public subnet (options A and B) unnecessarily exposes the sensitive database to the internet.
- Placing both EC2 and RDS in a private subnet (option C) prevents customers from accessing the website since the EC2 instances are not publicly reachable.
Therefore, placing the public-facing EC2 instances in a public subnet and the RDS databases in a private subnet (option D) is the best practice for security and accessibility.
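The placement rule above can be checked mechanically: a subnet is "public" when its route table sends 0.0.0.0/0 (or ::/0) to an internet gateway, and an RDS instance follows the best practice when every subnet in its DB subnet group is private, it is not flagged publicly accessible, and its security group admits the database port only from the web tier's security group rather than from any address. The script below is an added example, not part of the original question or of any AWS tool; the topology dictionaries are constructed to mirror the shape of `describe_route_tables`, `describe_security_groups` and `describe_db_instances` output, and all identifiers (`subnet-web`, `subnet-db`, `sg-web`, `sg-db`, `igw-example`) are placeholders. It also handles two edge cases the text does not spell out: a subnet with no explicit route-table association falls back to the VPC's main route table, and a NAT gateway default route does not make a subnet public.

```python
from __future__ import annotations

# Constructed sample topology (not from the page): one VPC with a public
# web subnet and a private database subnet. Identifiers are placeholders.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],  # implicit table for unassociated subnets
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
        ],
    },
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-db"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            # A NAT gateway gives outbound-only reachability; the subnet stays private.
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
        ],
    },
]

# Ingress rules per security group, keyed by group id (constructed sample data).
SECURITY_GROUPS = {
    "sg-web": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
    # Database group: port 3306 only from the web tier's security group.
    "sg-db": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
               "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}],
    # Misconfigured group: database port open to any address.
    "sg-db-open": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
}

# Two constructed RDS descriptions: one following option D, one exposed.
GOOD_DB = {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": False,
           "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-db"}]},
           "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db"}]}
BAD_DB = {"DBInstanceIdentifier": "orders-db-exposed", "PubliclyAccessible": True,
          "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-web"}]},
          "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-open"}]}

ANY_ADDRESS = {"0.0.0.0/0", "::/0"}


def route_table_for(subnet_id: str, route_tables: list) -> dict | None:
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public_subnet(subnet_id: str, route_tables: list) -> bool:
    """Public means a default route (0.0.0.0/0 or ::/0) whose target is an internet gateway."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return False
    for route in rt["Routes"]:
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ANY_ADDRESS and str(route.get("GatewayId", "")).startswith("igw-"):
            return True
    return False


def rds_findings(db: dict, route_tables: list, security_groups: dict) -> list[str]:
    """Return findings that contradict the public-web / private-database layout; empty means compliant."""
    findings = []
    name = db["DBInstanceIdentifier"]
    for s in db["DBSubnetGroup"]["Subnets"]:
        if is_public_subnet(s["SubnetIdentifier"], route_tables):
            findings.append(f"{name}: subnet {s['SubnetIdentifier']} routes to an internet gateway (public)")
    if db.get("PubliclyAccessible"):
        findings.append(f"{name}: PubliclyAccessible is enabled")
    for sg in db["VpcSecurityGroups"]:
        sg_id = sg["VpcSecurityGroupId"]
        for rule in security_groups.get(sg_id, []):
            ranges = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
            ranges += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
            for cidr in ranges:
                if cidr in ANY_ADDRESS:
                    findings.append(f"{name}: {sg_id} allows port {rule['FromPort']} from {cidr}")
    return findings


if __name__ == "__main__":
    for db in (GOOD_DB, BAD_DB):
        print(db["DBInstanceIdentifier"], rds_findings(db, ROUTE_TABLES, SECURITY_GROUPS) or "OK")
```

Run against the constructed data, `orders-db` produces no findings, while `orders-db-exposed` reports three: a public subnet, the publicly-accessible flag, and a security group open to 0.0.0.0/0. Against a real account the same functions would take the dictionaries returned by the EC2 and RDS describe calls.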
AWS Introduction to Cloud 101 EDC101v1 EN US KC M06 Final Assessment practice question and answer (Q&A) dump with detailed explanation and references, available free and helpful for passing the AWS Introduction to Cloud 101 exam and earning the AWS Introduction to Cloud 101 certification.