AWS Certified Database – Specialty — Question 11

A company has deployed an e-commerce web application in a new AWS account. An Amazon RDS for MySQL Multi-AZ DB instance is part of this deployment with a database-1.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com endpoint listening on port 3306. The company's Database Specialist is able to log in to MySQL and run queries from the bastion host using these details.
When users try to utilize the application hosted in the AWS account, they are presented with a generic error message. The application servers are logging a `could not connect to server: Connection times out` error message to Amazon CloudWatch Logs.
What is the cause of this error?

Answer options

• A. The user name and password the application is using are incorrect.
• B. The security group assigned to the application servers does not have the necessary rules to allow inbound connections from the DB instance.
• C. The security group assigned to the DB instance does not have the necessary rules to allow inbound connections from the application servers.
• D. The user name and password are correct, but the user is not authorized to use the DB instance.

Correct answer: C

Explanation

The correct answer is C because the application servers must be able to connect to the DB instance, and if the security group for the DB instance does not allow inbound traffic from the application servers, it will result in a connection timeout. Options A and D are incorrect as they pertain to authentication issues, which are not indicated by the timeout error. Option B is incorrect because it refers to the application server's security group, while the problem lies with the DB instance's security group settings.