AWS Certified Data Engineer – Associate (DEA-C01) — Question 229

A company has a data pipeline that uses an Amazon RDS instance, AWS Glue jobs, and an Amazon S3 bucket. The RDS instance and AWS Glue jobs run in a private subnet of a VPC and in the same security group.

A user made a change to the security group that prevents the AWS Glue jobs from connecting to the RDS instance. After the change, the security group contains a single rule that allows inbound SSH traffic from a specific IP address.

The company must resolve the connectivity issue.

Which solution will meet this requirement?

Answer options

• A. Add an inbound rule that allows all TCP traffic on all TCP ports. Set the security group as the source.
• B. Add an inbound rule that allows all TCP traffic on all UDP ports. Set the private IP address of the RDS instance as the source.
• C. Add an inbound rule that allows all TCP traffic on all TCP ports. Set the DNS name of the RDS instance as the source.
• D. Replace the source of the existing SSH rule with the private IP address of the RDS instance. Create an outbound rule with the same source, destination, and protocol as the inbound SSH rule.

Correct answer: A

Explanation

The correct answer is A because adding a rule that allows all TCP traffic on all ports ensures that AWS Glue jobs can connect to the RDS instance without restrictions. The other options either focus on UDP traffic, which is not relevant for RDS connections, or specify incorrect source types that would not resolve the connectivity issue.