AWS Certified Data Engineer – Associate (DEA-C01) — Question 221
A company manages an Amazon Redshift data warehouse. The data warehouse is in a public subnet inside a custom VPC. A security group allows only traffic from within itself. An ACL is open to all traffic.
The company wants to generate several visualizations in Amazon QuickSight for an upcoming sales event. The company will run QuickSight Enterprise edition in a second AWS account inside a public subnet within a second custom VPC. The new public subnet has a security group that allows outbound traffic to the existing Redshift cluster.
A data engineer needs to establish connections between Amazon Redshift and QuickSight. QuickSight must refresh dashboards by querying the Redshift cluster.
Which solution will meet these requirements?
Answer options
- A. Configure the Redshift security group to allow inbound traffic on the Redshift port from the QuickSight security group.
- B. Assign Elastic IP addresses to the QuickSight visualizations. Configure the QuickSight security group to allow inbound traffic on the Redshift port from the Elastic IP addresses.
- C. Confirm that the CIDR ranges of the Redshift VPC and the QuickSight VPC are the same. If CIDR ranges are different, reconfigure one CIDR range to match the other. Establish network peering between the VPCs.
- D. Create a QuickSight gateway endpoint in the Redshift VPC. Attach an endpoint policy to the gateway endpoint to ensure only specific QuickSight accounts can use the endpoint.
Correct answer: A
Explanation
The correct answer is A because allowing inbound traffic on the Redshift port from the QuickSight security group is necessary for QuickSight to access the Redshift cluster. Option B is incorrect because assigning Elastic IPs is unnecessary for QuickSight to connect to Redshift. Option C is not relevant since differing CIDR ranges do not prevent the connection as long as the security groups are correctly configured. Option D does not apply here as a gateway endpoint is not required for QuickSight to access Redshift.