
Answer-first summary for fast verification
Answer: Attach a security group to DB instances that permits traffic from the private subnet's security group.
The correct answer is C. To ensure that only EC2 instances in the private subnets can access the RDS databases, you need to create a security group that allows inbound traffic from the security group assigned to instances in the private subnets. This way, the private instances can communicate with the DB instances while other subnets, including the public subnet, are restricted.
Author: LeetQuiz Editorial Team
A solutions architect is designing a VPC with multiple subnets for applications using Amazon EC2 and Amazon RDS. The VPC has six subnets across two Availability Zones, each with a public, private, and database-specific subnet. EC2 instances in private subnets must have access to RDS databases. What configuration ensures this?
A. Exclude public subnet routes in a new route table for database subnets.
B. Attach a security group to DB instances that blocks traffic from the public subnet's security group.
C. Attach a security group to DB instances that permits traffic from the private subnet's security group.
D. Establish peering connections: one between public and private subnets, another between private and database subnets.