Question 27: You are deploying your web application from on premise datacenter to AWS. This web application in backend connect with the Oracle RDS instance for storing and retrieving data. To make deployment secure you need to have different EC2 instances one for Oracle RDS instance and other for web application. ............ And instance (db-server) with the RDS must be reachable from EC2 instance (hosting web app) only on port 1521. Which of the given below is a good fit for creating secure access?

• A. You will be creating ACL which allows all traffic from internet on port 80 and 443 and only allow traffic from web-server on port 1521.
• B. Correct Answer sg-1111.
• C. You will be keeping both EC2 instances in same public subnet so that instances can communicate with each other.
• D. You will be keeping both EC2 instances in same private subnet so that instances can communicate with each other.
• E. Correct Answer subnet.

Ans : B, E

Detailed Explanation : Understand what information are provided in question as below.

There are two EC2 instances, as below.

• Web Server
• DB Server

Only web server required to be reached from internet. Internet means from any IP address it should be reachable. And you should protect DB server access, because no external user required access to DB server only web application should be able to reach db server.

Hence, to allow and disallow specific traffic on specific port you can use security group which works on instance level. ACL is also a solution for explicitly controlling inbound and outbound traffic, but point is ACL works on subnet level and not on instance level.

..................Database server needs to be kept in private subnet, so it can be protected.