AWS Certified Solutions Architect – Associate (SAA-C02) — Question 435
A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.
Which combination of configuration options will meet these requirements? (Choose two.)
Answer options
- A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
- B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
- C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
- D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
- E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
Correct answer: A, E
Explanation
To meet the security and high availability requirements, the EC2 instances and the RDS database must be placed in private subnets across multiple Availability Zones, which Option A achieves with an Auto Scaling group and an RDS Multi-AZ deployment. To let public web traffic reach the application while the private EC2 instances keep outbound internet access for payment processing through NAT gateways, an internet-facing Application Load Balancer must be deployed in public subnets across at least two Availability Zones, with a NAT gateway in each zone, as described in Option E. Options B and D fail because an internet-facing load balancer must be deployed in public subnets spanning two Availability Zones, and Option C incorrectly places the EC2 instances in public subnets, exposing them to the internet.
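As an added illustration (not part of the original question or any AWS tooling), the check below audits a VPC layout for the properties Options A and E describe: workload subnets private, the load balancer in public subnets across two Availability Zones, and every private subnet routed through a NAT gateway in its own zone. The subnet and NAT gateway dicts are constructed sample data shaped loosely after EC2 describe-* output, not real account data.

```python
"""Audit a VPC layout against the question's requirements (added example, not
from the original page or AWS). Subnets are classified public/private from
their default route; the input dicts are constructed to mimic the relevant
fields of EC2 describe-route-tables / describe-nat-gateways output."""

# Constructed sample VPC: two AZs, one public and one private subnet each.
ROUTES = {
    "subnet-pub-a": {"az": "us-east-1a", "default_target": "igw-1"},
    "subnet-pub-b": {"az": "us-east-1b", "default_target": "igw-1"},
    "subnet-priv-a": {"az": "us-east-1a", "default_target": "nat-a"},
    "subnet-priv-b": {"az": "us-east-1b", "default_target": "nat-b"},
}
NAT_GATEWAYS = {"nat-a": "us-east-1a", "nat-b": "us-east-1b"}  # id -> AZ


def is_public(subnet):
    """Public means the 0.0.0.0/0 route points at an internet gateway."""
    return subnet["default_target"].startswith("igw-")


def audit(routes, nat_gws, alb_subnets, workload_subnets):
    """Return findings; an empty list means the layout matches Options A and E."""
    findings = []
    # Option A: EC2 and RDS subnets must be private.
    for s in workload_subnets:
        if is_public(routes[s]):
            findings.append(f"{s}: EC2/RDS placed in a public subnet")
    # Option E: internet-facing ALB in public subnets spanning two AZs.
    for s in alb_subnets:
        if not is_public(routes[s]):
            findings.append(f"{s}: load balancer subnet is not public")
    if len({routes[s]["az"] for s in alb_subnets}) < 2:
        findings.append("load balancer does not span two Availability Zones")
    # Each private subnet needs a NAT gateway in its own AZ; a NAT gateway in
    # another AZ means one AZ outage also cuts payment traffic from the other.
    for s, sub in routes.items():
        if is_public(sub):
            continue
        target = sub["default_target"]
        if not target.startswith("nat-"):
            findings.append(f"{s}: private subnet has no NAT gateway route")
        elif nat_gws.get(target) != sub["az"]:
            findings.append(f"{s}: NAT gateway {target} is in a different AZ")
    return findings
```

Running `audit` with the load balancer in the two public subnets and the workloads in the two private subnets returns no findings; placing the workloads in public subnets (Option C), the load balancer in private subnets (Option B), or a single public subnet (Option D) each produces a corresponding finding.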