AWS Certified Solutions Architect – Associate (SAA-C03) — Question 252
An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC A. The application requires access to a database in VPC B. Both VPCs are in the same AWS account.
Which solution will provide the required access MOST securely?
Answer options
- A. Create a DB instance security group that allows all traffic from the public IP address of the application server in VPC A.
- B. Configure a VPC peering connection between VPC A and VPC B.
- C. Make the DB instance publicly accessible. Assign a public IP address to the DB instance.
- D. Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.
Correct answer: B
Explanation
The correct answer is B because a VPC peering connection lets the application reach the database over private IP addresses, so the database is never exposed to the public internet. Options A and C both depend on public IP addressing, which exposes the database to security risks, and option D introduces unnecessary complexity by requiring an additional EC2 instance to act as a proxy.