AWS Solutions Architect Associate Practice Test

What VPC configuration ensures the DB is not accessible from the Internet?

• A. One Public Subnet for ELB and one Public Subnet for the web-servers
• B. One Public Subnet for ELB, two Private Subnets for the web-servers, two private subnets for the RDS
• C. Two Public Subnets for ELB and two private Subnets for the web-servers
• D. Two Public Subnets for ELB and two Public Subnets for the RDS

The correct answer is: One Public Subnet for ELB, two Private Subnets for the web-servers, two private subnets for the RDS

The choice of having one public subnet for the Elastic Load Balancer (ELB) and two private subnets for the web servers and two private subnets for the Relational Database Service (RDS) is correct because it creates a network architecture that effectively isolates the database from direct Internet access. In this configuration, the ELB acts as the entry point for incoming traffic from the Internet and can distribute that traffic to the web servers located in the private subnets. The web servers can process requests and, if necessary, communicate with the RDS instances. Because the RDS is configured within private subnets, it is not assigned a public IP address and thus cannot be accessed directly from the Internet. This arrangement not only protects sensitive database information but also ensures that any traffic to the database can only be routed through the secured web servers, adding a layer of security. In contrast, configurations that include public subnets for the RDS (as in the last choice) or solely public subnets for both the database and web servers expose the RDS directly to the Internet, undermining the security of your database. The design with only public subnets for the web servers completely lacks the necessary isolation for database access, making it vulnerable. Therefore,