Answer-first summary for fast verification
Answer: Allow inbound traffic on web server port 443 from anywhere and database port 3306 from the web server security group.
Option A is the correct answer. For securing global access while allowing dynamic IP addresses, the security group for the web servers should allow traffic on port 443 (HTTPS) from all IP addresses (0.0.0.0/0). This is because the web application needs to be accessible to anyone on the internet. For database security, the security group for the RDS MySQL instance should allow traffic on port 3306 only from the security group assigned to the web servers. This restricts database access to only the web servers, enhancing security.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How should a solutions architect configure security groups for a globally accessible, secure AWS web application with EC2 web servers and an RDS MySQL database?
A
Allow inbound traffic on web server port 443 from anywhere and database port 3306 from the web server security group.
B
Restrict web server port 443 to customer IP addresses and database port 3306 to the web server security group.
C
Restrict both web server port 443 and database port 3306 to customer IP addresses.
D
Allow inbound traffic on both web server port 443 and database port 3306 from anywhere.