AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is deploying a new application on AWS and wants to ensure that the web servers are publicly available while keeping the database servers private and secure. They are planning to use Amazon EC2 instances for both web and database layers. Which of the following configurations aligns with best practices for network architecture design in an AWS VPC?
Place both the web servers and the database servers in the same public subnet, using security groups and network ACLs to restrict traffic to the database servers.
Place the web servers in a private subnet with direct internet access through a NAT Gateway and the database servers in a separate private subnet without internet access.
Deploy all the servers in a private subnet and use a VPN connection for external users to access the web application.
Place the web servers in a public subnet that has an Internet Gateway and place the database servers in a private subnet that does not have an Internet Gateway but can be accessed through a NAT Gateway for outbound traffic.
The most secure and common practice for network architecture within a VPC is to place resources with different security levels into separate subnets. Public web servers should be placed in a public subnet with an Internet Gateway to allow traffic from the internet. Database servers should be placed in a private subnet without direct access to the internet, enhancing their security. NAT gateways are used to allow instances in a private subnet to initiate outbound internet traffic (for updates, patches, etc.) without being directly accessible from the internet.
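An added example, not part of the original question: a small audit that classifies each subnet by the default route of its effective route table and reports any database tier that ends up in a public subnet. The route-table records are constructed sample data shaped like EC2 DescribeRouteTables output; the IDs and the TIERS inventory are hypothetical.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables output (IDs are placeholders).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-web"}, {"SubnetId": "subnet-db2"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
# Hypothetical inventory mapping each subnet to the tier deployed in it.
TIERS = {"subnet-web": "web", "subnet-db": "database",
         "subnet-db2": "database", "subnet-batch": "database"}


def effective_table(subnet_id, tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def classify_subnet(subnet_id, tables):
    """Classify by the IPv4 default route: Internet Gateway, NAT Gateway, or neither."""
    table = effective_table(subnet_id, tables)
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("GatewayId", "").startswith("igw-"):
                return "public"
            if route.get("NatGatewayId"):
                return "private-with-nat"
    return "no-internet-route"


def audit(tiers, tables):
    """Return (subnet, route table) pairs where a database tier sits in a public subnet."""
    return [(s, effective_table(s, tables)["RouteTableId"])
            for s, tier in sorted(tiers.items())
            if tier == "database" and classify_subnet(s, tables) == "public"]


if __name__ == "__main__":
    print("findings:", audit(TIERS, ROUTE_TABLES))
```

With real data, the same functions can be fed the `RouteTables` list returned by the EC2 API in place of the constructed sample.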