
Answer-first summary for fast verification
Answer:
- Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port.
- Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port.

To ensure the Amazon EC2 instances can communicate with the Amazon Aurora DB Cluster with least privilege access, the following steps are necessary:

1. **(B) Add an outbound rule to the EC2 instances' security group**: This rule specifies the DB cluster's security group as the destination over the default Aurora port (typically port 3306 for MySQL-compatible Aurora). Outbound rules need to be configured on the EC2 instances' security group to permit outbound traffic to the DB cluster.
2. **(C) Add an inbound rule to the DB cluster's security group**: This rule specifies the EC2 instances' security group as the source over the default Aurora port. Inbound rules in the DB cluster's security group enable the incoming connections from the EC2 instances, ensuring that the DB cluster allows traffic from the specified EC2 instances' security group.

By configuring these rules, the solution ensures that only the necessary access between the EC2 instances and the Aurora DB cluster is granted, adhering to the principle of least privilege. This practice minimizes potential security risks by limiting access to only what is required for the application to function properly.
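The rule pair from steps B and C can be checked mechanically. The following is an added example, not part of the original page: it audits data in the shape returned by `aws ec2 describe-security-groups` and reports anything broader than the two rules described above. The group IDs `sg-app` and `sg-db`, the CIDR and the function names are constructed for illustration.

```python
AURORA_PORT = 3306  # default for MySQL-compatible Aurora, per the explanation above

def covers(rule, port):
    """True if the rule's protocol and port range include tcp/port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols, all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def audit_side(rules, peer_sg, port, label):
    """Check one rule list (egress or ingress) against the expected peer group."""
    findings, granted = [], False
    for rule in rules:
        if not covers(rule, port):
            continue
        groups = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        exact = rule["IpProtocol"] == "tcp" and rule["FromPort"] == port == rule["ToPort"]
        granted = granted or peer_sg in groups
        if not exact or cidrs or groups - {peer_sg}:
            findings.append(f"{label}: rule is broader than tcp/{port} with {peer_sg} only")
    if not granted:
        findings.append(f"{label}: no rule references {peer_sg} on tcp/{port}")
    return findings

def audit(described, app_sg, db_sg, port=AURORA_PORT):
    """Return findings for app egress (option B) and DB ingress (option C)."""
    sgs = {g["GroupId"]: g for g in described["SecurityGroups"]}
    return (audit_side(sgs[app_sg]["IpPermissionsEgress"], db_sg, port, f"{app_sg} egress")
            + audit_side(sgs[db_sg]["IpPermissions"], app_sg, port, f"{db_sg} ingress"))

# Constructed sample data (group IDs and CIDR are made up).
def tcp(port, group):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": group}]}
ALLOW_ALL = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}
VPC_WIDE = {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
            "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}
# The DB group needs no egress rule: security groups are stateful, so replies flow back.
LEAST_PRIVILEGE = {"SecurityGroups": [
    {"GroupId": "sg-app", "IpPermissions": [], "IpPermissionsEgress": [tcp(3306, "sg-db")]},
    {"GroupId": "sg-db", "IpPermissions": [tcp(3306, "sg-app")], "IpPermissionsEgress": []}]}
TOO_BROAD = {"SecurityGroups": [
    {"GroupId": "sg-app", "IpPermissions": [], "IpPermissionsEgress": [ALLOW_ALL]},
    {"GroupId": "sg-db", "IpPermissions": [VPC_WIDE], "IpPermissionsEgress": []}]}

if __name__ == "__main__":
    for name, data in (("least privilege", LEAST_PRIVILEGE), ("too broad", TOO_BROAD)):
        print(name, audit(data, "sg-app", "sg-db"))
```

The `TOO_BROAD` case mirrors a security group that still carries the allow-all egress rule new groups are created with; adding rule B beside it does not narrow anything until that rule is removed.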
Author: LeetQuiz Editorial Team
A company has an application that runs on Amazon EC2 instances. A solutions architect is designing VPC infrastructure in an AWS Region where the application needs to access an Amazon Aurora DB Cluster. The EC2 instances are all associated with the same security group. The DB cluster is associated with its own security group. The solutions architect needs to add rules to the security groups to provide the application with least privilege access to the DB Cluster. Which combination of steps will meet these requirements? (Choose two.)
A. Add an inbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the source over the default Aurora port.

B. Add an outbound rule to the EC2 instances' security group. Specify the DB cluster's security group as the destination over the default Aurora port.

C. Add an inbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the source over the default Aurora port.

D. Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the default Aurora port.

E. Add an outbound rule to the DB cluster's security group. Specify the EC2 instances' security group as the destination over the ephemeral ports.