A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet.

Which VPC design meets these requirements?

A. Public subnets for both the application tier and the database cluster

B. Public subnets for the application tier, and private subnets for the database cluster

C. Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster

D. Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway

1 Answer

C – The online application must be in public subnets to allow access from clients' browsers. The database cluster must be in private subnets to meet the requirement that there be no access from the Internet. A NAT Gateway is required to give the database cluster the ability to download patches from the Internet.

NAT Gateways must be deployed in public subnets.
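
The routing behind the four options can be checked mechanically. The Python sketch below is an added example, not part of the original question or answer; the subnet names and gateway ids are constructed placeholders, and each subnet is reduced to the target of its 0.0.0.0/0 route.

```python
# Added example: constructed model of options A-D. All ids are placeholders.
IGW, NAT = "igw-example", "nat-example"

# Each design maps subnet -> target of its 0.0.0.0/0 route (None = no default route),
# lists the database subnets, and names the subnet hosting the NAT gateway, if any.
OPTIONS = {
    "A": {"routes": {"app-1": IGW, "db-1": IGW}, "db": ["db-1"], "nat_subnet": None},
    "B": {"routes": {"app-1": IGW, "db-1": None}, "db": ["db-1"], "nat_subnet": None},
    "C": {"routes": {"app-1": IGW, "db-1": NAT}, "db": ["db-1"], "nat_subnet": "app-1"},
    "D": {"routes": {"app-1": IGW, "db-1": NAT}, "db": ["db-1"], "nat_subnet": "db-1"},
}

def check_design(design):
    """Return the requirement violations for one design (empty list = passes)."""
    routes, problems = design["routes"], []
    for subnet in design["db"]:
        target = routes.get(subnet)
        if target == IGW:
            # A default route to the Internet gateway makes the subnet public.
            problems.append(f"{subnet}: public subnet, default route goes to {IGW}")
        elif target != NAT:
            problems.append(f"{subnet}: no outbound path to fetch patches")
        elif routes.get(design["nat_subnet"]) != IGW:
            # The NAT gateway itself needs a route to the Internet gateway.
            problems.append(f"{subnet}: NAT gateway sits in a subnet without an IGW route")
    return problems

def passing_options(options=OPTIONS):
    """Names of the designs that meet both database requirements."""
    return sorted(name for name, d in options.items() if not check_design(d))

if __name__ == "__main__":
    for name, design in sorted(OPTIONS.items()):
        print(name, check_design(design) or "meets both database requirements")
```

The same three checks map onto real route tables: the database subnets' default route target, and the default route of the subnet that hosts the NAT gateway.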
