What is the minimum number of subnets that need to be configured in the VPC?

A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto
Scaling group across multiple Availability Zones (AZs). The database will use Multi-AZ RDS MySQL and should
not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC?

A. 1
B. 2
C. 3
D. 4



JM

Why 2 and not 4?
Imho D.

Logic:
Would use VPC with private (DB) and public (WEB) subnets:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html

Multi AZ requirement forces me to multiply subnets by two.
Reasons:
For DB: Your VPC must have at least one subnet in at least two of the Availability Zones in the region where you want to deploy your DB instance. A subnet is a segment of a VPC’s IP address range that you can specify and that lets you group instances based on your security and operational needs
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html

For Web: After creating a VPC, you can add one or more subnets in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span zones
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

T

B may be a valid answer.

I think all instances may be deployed in PUBLIC subnets (so minimum 2 subnets)
AND to make RDS instances NOT publicly available we may use another Security Group for RDS instances only where traffic will be allowed only from the same VPC but not from outside.

But I am not sure if it will work.

Dinesh

The question is asking for multiple AZs, which means at least 2 AZs, and you need at least 2 subnets (1 private and 1 public) in those 2 (at least) AZs.

So the answer is: D

ahb

d.
Each subnet must reside entirely within one Availability Zone and cannot span zones.

Vamsi

Correct answer is D.

Since multi-AZ RDS needs 2 private subnets to provide high availability and 2 public subnets are needed for the ELB (web-tier) application.

aerodt

Answer is B. The part of the question that says ‘The database will use Multi-AZ RDS MySQL and should not be Publicly Accessible’ refers to a question you are asked when setting up the RDS (not a public subnet). So if you set up the web tier and the DB tier on the same 2 subnets, then B is correct.

Khaled

In order to set up RDS, it has to be assigned to at least 2 subnets in two AZs. If you use the same subnet as web, the DB will be publicly available.

KwagongMakisig

Pretty confusing and disappointing question!
But I agree B is the answer, the fact that the way the question is worded
“what is the minimum number of subnets” gives option B more reason to be the right choice

Dinesh

OK KwagongMakisig – then what about “across multiple Availability Zones (AZs)”?

RSS60

The question is intentionally vague… there is no indication that the website must be publicly accessible, so technically only 2 subnets would be required.

MTL

technically you are correct

M

Answer is D, because the web tier needs 2 public subnets for Multi-AZ and the DB Multi-AZ deployment needs 2 private subnets. So we need 4 in total.

Steve

I think it’s got to be B. As it says for the “Publicly Accessible” RDS option in the console, “If you select No, Amazon RDS will not assign a public IP address to the DB instance, and no EC2 instance or devices outside of the VPC will be able to connect.” There’s nothing stopping you choosing this option when your Subnet Group has public subnets. So you can use the same 2 public subnets as your web servers.

I’m not saying this is the best way to do it, personally I’d put the DB in private subnets, but they do ask what is the minimum number of subnets meeting the requirement – that’s 2.

networkmanagers

I agree with the answer. B

Sachin

Has anyone taken this to verify these questions are on the exam?

engmohhamed

I think the answer is D.
Auto Scaling across AZs requires at least 2 subnets for the web tier, so we have 2 public subnets.
MySQL RDS requires 2 private subnets distributed over different AZs.
I guess for each AZ we have 2 subnets (public and private), and as we have Auto Scaling across AZs we have at least 2 AZs, so the result is 2 (subnets) x 2 (AZs) = 4.

vladam

The reason to choose D over B is that it is not a good practice to have your DB servers in same subnets as your webservers. So while B may technically be a possible answer it is not the right one taking into account how well architected AWS applications should be designed.

Right answer is D.

shaam

But the question is minimum number of subnets that can be used to architect this scenario, which is 2. You can have security groups to restrict access to all DB instances across the two subnets across AZs.

Anthony

Well said Vladam, but because they are asking for the minimum number of subnets, I would say the answer should be B (2 subnets). Even though it is not best practise, two subnets can be used. Therefore I would choose B.

donkeynuts

This question is balls. But nobody here has mentioned a legitimate reason that B is not correct… The question doesn’t ask what is the correct approach, it literally asks what is the minimum number of subnets you need; it seems like 2 to me.

Tester

I remember this question on the exam. But I don’t know the true answer…

Tester

I don’t know…

Simon Liang

B.

I agree with Steve.

When we launch DB instance, we can set PubliclyAccessible parameter:
Select Yes if you want EC2 instances and devices outside of the VPC hosting the DB instance to connect to the DB instance. If you select No, Amazon RDS will not assign a public IP address to the DB instance, and no EC2 instance or devices outside of the VPC will be able to connect. If you select Yes, you must also select one or more VPC security groups that specify which EC2 instances and devices can connect to the DB instance.

So in this case we can only have 2 public subnets.

Rickety

Yet another question with very ambiguous wording. I think it is 4.

You can assume that the website needs to be publicly accessible. Therefore – 2 public subnets, one for each AZ. Unless they are just trying to flat-out trick you with the wording. They have to assume that people will think the web servers are public. If they are trying to trick us intentionally there’s not much we can do about that.

http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-manage-subnets.html

When you add a subnet to your load balancer, Elastic Load Balancing creates a load balancer node in the Availability Zone. Load balancer nodes accept traffic from clients and forward requests to the healthy registered instances in one or more Availability Zones. For load balancers in a VPC, we recommend that you add one subnet per Availability Zone for at least two Availability Zones. This improves the availability of your load balancer. Note that you can modify the subnets for your load balancer at any time.

Amit

The dilemma is whether AWS sees if we follow AWS best practices or just go by the logic of the question.
B is correct and technically doable, meeting all criteria of the question, including not allowing DB public access by a) not associating an Elastic Public IP and b) a security group only allowing the Web Security group servers.

D is right if you are following AWS best practices of having internal and external subnets. But is it the minimum number of subnets? (Maybe yes, without breaching best practice.)

bookernoe

D is my answer. Like it was mentioned, web and DB should be in different subnets. So 2 for each.

Rekha

4 is the answer, you need at least 2 zones to set up MultiAZs. 2 for Web + 2 for DB = 4

deathless

This is a tricky question and I would go with B for the following reasons:

1. It is implementation.
2. One site on multiple instances (2 minimal)
3. From the above two pre-requirements, there would be ELB for this approach. However, no words saying about it.
4. With ELB you do not need to have two public subnets.
5. DB may use two private subnets.

deathless

Now, I changed my mind and it is D

kumar

Not sure, but why is the answer not C – 3 subnets?

Here is the reason.
The question on Multi-AZ RDS is a distraction; we need only one private subnet for RDS, as by default RDS is highly available; it is a managed service.

Hence 2 for EC2 + 1 for RDS total 3 Subnets.

DaDA

I think that we need to create a minimum of 3 subnets:
– 2 public subnets
– 1 private subnet

A company wants to implement their website in a virtual private cloud (VPC). The web tier will use an Auto Scaling group across multiple Availability Zones (AZs).
–> Across multiple AZs, it means a minimum of 2 public subnets is needed, one subnet in each AZ.

The database will use Multi-AZ RDS MySQL and should not be publicly accessible. What is the minimum number of subnets that need to be configured in the VPC?
–> Only need to create a private subnet for setting up Multi-AZ RDS.
“Should not be publicly accessible” means it is different from a public subnet.

Juan

I think that the correct answer is C.
2 subnets for EC2 instances in 2 AZs.
1 subnet for RDS with Multi-AZ enabled. Multi-AZ on RDS only requires 1 subnet.

mE

Answer is B

The question never stated that the web servers need to be accessed externally.

Gou**

you can span the same subnet across multiple AZ within a region, so here we require 2 subnets.

rnatarajan

Let's do an anatomy of the question to reach the conclusion based on the comments above:

1) A company wants to implement their website in a virtual private cloud (VPC). ### By usual sense, when a company wants to launch a website it is assumed to be public facing unless otherwise explicitly mentioned as an intranet site. So we give the public IP requirement the benefit of the doubt.

2) The web tier will use an Auto Scaling group across multiple Availability Zones (AZs). ### Multi-AZ means a minimum of 2 subnets is required. Let's say it is 10.1.0.0 in AZ1 and 10.2.0.0 in AZ2. So now we know by far that at least 2 subnets are required. Let's see further.

3) The database will use Multi-AZ RDS MySQL and should not be publicly accessible. ##### They still do not stipulate that you need to have a separate subnet for RDS. Hence 10.1.0.0 in AZ1 and 10.2.0.0 in AZ2 can be reused. And to restrict public access, security group selection at launch will achieve this. So still we need only 2 subnets so far.

4) What is the minimum number of subnets that need to be configured in the VPC? ####### Again, cuz of the emphasis on the word minimum and from 2) and 3), we concur that 2 subnets should be the optimum answer.

Let me know your comments.

BTW Gou**, you cannot span a subnet across more than one AZ.

Pin2

4 (2 public subnets for web instances in multiple AZs and 2 private subnets for RDS Multi-AZ)

PPV

It's B. Each subnet points to an AZ. Now the RDS with Multi-AZ will have two AZs, one as primary and one as secondary. But as the endpoint for both primary and secondary is the same in a Multi-AZ situation, unlike replicas, they will need only 1 subnet. The second subnet of course is for the web instance.
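
Added example, not part of the thread or of any AWS tooling: a small Python model that checks the 2-, 3- and 4-subnet layouts argued for above against the constraints quoted in the comments (a subnet lives in one AZ, the DB subnet group must cover two AZs, and the RDS "Publicly Accessible" option). Subnet names, AZ labels and function names are hypothetical, and security groups are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subnet:
    name: str
    az: str        # a subnet resides entirely within one AZ
    public: bool   # True if its route table routes to an internet gateway

def check_layout(web, db, publicly_accessible=False):
    """Return the constraints a web tier + RDS layout violates.

    web / db are the subnets handed to the Auto Scaling group and to the
    DB subnet group; publicly_accessible mirrors the RDS console option.
    """
    problems = []
    if len({s.az for s in web}) < 2:
        problems.append("web tier does not span two AZs")
    if len({s.az for s in db}) < 2:
        problems.append("DB subnet group does not cover two AZs")
    if publicly_accessible and any(s.public for s in db):
        problems.append("DB instance gets a public IP in a public subnet")
    return problems

def subnet_count(web, db):
    """Distinct subnets the VPC needs for this layout."""
    return len(set(web) | set(db))

def shares_subnets(web, db):
    """True when the DB sits in the same subnets as the web tier."""
    return bool(set(web) & set(db))

# Constructed sample layouts (placeholder names and AZ labels).
pub_a, pub_b = Subnet("pub-a", "az-a", True), Subnet("pub-b", "az-b", True)
prv_a, prv_b = Subnet("prv-a", "az-a", False), Subnet("prv-b", "az-b", False)

LAYOUTS = {
    "B: 2 shared subnets": ([pub_a, pub_b], [pub_a, pub_b]),
    "C: 2 web + 1 DB": ([pub_a, pub_b], [prv_a]),
    "D: 2 web + 2 DB": ([pub_a, pub_b], [prv_a, prv_b]),
}

if __name__ == "__main__":
    for label, (web, db) in LAYOUTS.items():
        tiering = "shared" if shares_subnets(web, db) else "isolated"
        print(label, subnet_count(web, db), tiering, check_layout(web, db))
```

In this model the shared layout depends entirely on the "Publicly Accessible" setting staying at No, while the 4-subnet layout keeps the database out of subnets that route to an internet gateway regardless of that setting.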