AWS Certified Solutions Architect - Associate

In a VPC design with public subnets for a load balancer, private subnets for web servers using HTTPS, and private subnets for MySQL, what configuration strategy aligns with company policy to ensure minimal access for each resource's functionality?




Explanation:

Option C is correct because it follows the principle of least privilege by ensuring the web servers only accept HTTPS traffic (port 443) from the load balancer, rather than from any IP address. Additionally, the MySQL servers only accept traffic on port 3306 from the web servers' security group, not from any IP. This minimizes unnecessary exposure and aligns with the company's security policy.