Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
A Solutions Architect is designing an online shopping application running in a VPC on EC2 Instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?
A. Public subnets for both the application tier and the database cluster
B. Public subnets for the application tier, and private subnets for the database cluster
C. Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster
D. Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway
Explanation:
Answer – C
The following diagram from AWS Documentation shows the right setup for this scenario:
A NAT gateway always has to be placed in a public subnet, because it needs a route to the Internet gateway in order to reach the Internet.
The AWS documentation states: “To create a NAT gateway, you must specify the public subnet in which the NAT gateway should reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. After you’ve created a NAT gateway, you must update the route table associated with one or more of your private subnets to point Internet-bound traffic to the NAT gateway. This enables instances in your private subnets to communicate with the internet.”
- For more information on this setup, please refer to the below URL:
NOTE:
Here the requirement is that “There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet.”
1) There should be no access to the database from the Internet.
To meet this requirement, the database cluster must be launched in a private subnet, i.e. a subnet whose route table has no route to the Internet gateway.
2) But the cluster must be able to obtain software patches from the Internet.
For this, the NAT Gateway has to be created in a public subnet (a subnet whose route table has a route to the Internet gateway). The private subnet's route table then sends Internet-bound traffic to the NAT Gateway, so the database can reach the Internet for patches while no connection can be initiated to it from the Internet. Option D places the NAT Gateway in a private subnet, where it would have no path to the Internet.
So Option C covers both points and is the correct answer.
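The two checks above can be automated against route-table data. The following is an added example (not from the original page or from AWS): it classifies subnets as public or private from their default route and flags the option D layout, using a constructed sample of route tables rather than a live account.

```python
# Added example (not from the original page): audit route tables for the layout
# in option C. Input mimics the shape of EC2 DescribeRouteTables output, but
# every ID and CIDR below is a constructed sample value, and each subnet is
# assumed to have an explicit route-table association.

SUBNET_APP, SUBNET_DB = "subnet-app", "subnet-db"   # constructed IDs

ROUTE_TABLES = [
    # Public subnet: app tier and the NAT gateway; default route -> Internet gateway
    {"subnets": [SUBNET_APP],
     "routes": [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0", "target": "igw-0abc"}]},
    # Private subnet: database cluster; default route -> NAT gateway
    {"subnets": [SUBNET_DB],
     "routes": [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0", "target": "nat-0def"}]},
]
# Which subnet each NAT gateway was created in (option C: the public one)
NAT_GATEWAYS = {"nat-0def": {"subnet": SUBNET_APP}}


def default_route_target(subnet_id, route_tables):
    """Return the target of the subnet's 0.0.0.0/0 route, or None if it has none."""
    for rt in route_tables:
        if subnet_id in rt["subnets"]:
            for route in rt["routes"]:
                if route["dst"] == "0.0.0.0/0":
                    return route["target"]
    return None


def is_public(subnet_id, route_tables):
    """A subnet is public when its default route points at an Internet gateway."""
    target = default_route_target(subnet_id, route_tables)
    return target is not None and target.startswith("igw-")


def audit(db_subnet, route_tables, nat_gateways):
    """Check both requirements for the database subnet. Returns a list of
    findings; an empty list means the layout matches option C."""
    findings = []
    if is_public(db_subnet, route_tables):
        findings.append("database subnet routes to an Internet gateway (reachable from the Internet)")
    target = default_route_target(db_subnet, route_tables)
    if target is None or not target.startswith("nat-"):
        findings.append("database subnet has no default route through a NAT gateway (no patch path)")
    elif not is_public(nat_gateways[target]["subnet"], route_tables):
        findings.append(f"NAT gateway {target} sits in a private subnet, so it has no Internet path (option D)")
    return findings


if __name__ == "__main__":
    print(audit(SUBNET_DB, ROUTE_TABLES, NAT_GATEWAYS) or "compliant: matches option C")
```

Swapping the NAT gateway's subnet for the database subnet in `NAT_GATEWAYS` reproduces option D and yields a finding.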