AWS Certified Database – Specialty — Question 141
A company hosts an internal file-sharing application running on Amazon EC2 instances in VPC_A. This application is backed by an Amazon ElastiCache cluster, which is in VPC_B and peered with VPC_A. The company migrates its application instances from VPC_A to VPC_B. Logs indicate that the file-sharing application can no longer connect to the ElastiCache cluster.
What should a database specialist do to resolve this issue?
Answer options
- A. Create a second security group on the EC2 instances. Add an outbound rule to allow traffic from the ElastiCache cluster security group.
- B. Delete the ElastiCache security group. Add an interface VPC endpoint to enable the EC2 instances to connect to the ElastiCache cluster.
- C. Modify the ElastiCache security group by adding outbound rules that allow traffic to VPC_B's CIDR blocks from the ElastiCache cluster.
- D. Modify the ElastiCache security group by adding an inbound rule that allows traffic from the EC2 instances' security group to the ElastiCache cluster.
Correct answer: D
Explanation
The correct answer is D because adding an inbound rule to the ElastiCache security group allows the EC2 instances to send traffic to the ElastiCache cluster. Options A and C do not address the inbound traffic requirement for ElastiCache, while option B incorrectly suggests removing the security group, which would not resolve the connectivity issue.