Virtual Private Cloud Quiz
You plan on hosting a web application consisting of a web server and a database server. These servers are going to be hosted on different EC2 Instances in different subnets in a VPC. Which of the following can be used to ensure that the database server only allows traffic from the web server?
A. Make use of Security Groups.
B. Make use of VPC Flow Logs.
C. Make use of Network Access Control Lists.
D. Make use of IAM Roles.
A. Make use of Security Groups.
Security groups can be used to control traffic into an EC2 Instance.
The below snapshot from AWS Documentation shows the rules tables for security groups in a sample web and database server setup:
For more information on this use case scenario, please visit the following URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
Note:
NACL is used when you want deny the access for ParticularIP address or the CIDR block(Set of IP address).
So, The simple funda here is that if the requirement allows the traffic, then you can go with the Security Group.
if the requirement mentioned likedenies (Not allow) the traffic, then you can go with the NACL.
