AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is deploying a new application on AWS and wants to ensure that the web servers are publicly available while keeping the database servers private and secure. They are planning to use Amazon EC2 instances for both web and database layers. Which of the following configurations aligns with best practices for network architecture design in an AWS VPC?
Place the web servers in a private subnet with direct internet access through a NAT Gateway and the database servers in a separate private subnet without internet access.
Place both the web servers and the database servers in the same public subnet, using security groups and network ACLs to restrict traffic to the database servers.
Deploy all the servers in a private subnet and use a VPN connection for external users to access the web application.
Place the web servers in a public subnet that has an Internet Gateway and place the database servers in a private subnet that does not have an Internet Gateway but can accessed through a NAT Gateway for outbound traffic.