A user is hosting a public website on AWS. The user wants to have the database and the app server in the AWS VPC. The user wants to set up a database that can connect to the Internet for any patch upgrade but cannot receive any request from the Internet. How can the user set this up?
A. Set up the DB in a private subnet with the security group allowing only outbound traffic.
B. Set up the DB in a public subnet with the security group allowing only inbound data.
C. Set up the DB in a local data center and use a private gateway to connect the application with the DB.
D. Set up the DB in a private subnet which is connected to the Internet via NAT for outbound traffic.
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in a VPC: security groups and network ACLs. When the user wants to set up both the DB and the app on the VPC, the user should create one public and one private subnet. The DB should be hosted in the private subnet; instances in that subnet have no route to the Internet and cannot reach it on their own. The user can allow an instance in the private subnet to initiate outbound connections to the Internet, while preventing unsolicited inbound connections from the Internet, by routing its outbound traffic through a Network Address Translation (NAT) instance in the public subnet.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
D