AWS Certified Solutions Architect – Associate (SAA-C03) — Question 437
A company has a three-tier web application that runs on a single server. The company wants to migrate the application to the AWS Cloud. The company also wants the application to align with the AWS Well-Architected Framework and to be consistent with AWS recommended best practices for security, scalability, and resiliency.
Which combination of solutions will meet these requirements? (Choose three.)
Answer options
- A. Create a VPC across two Availability Zones with the application's existing architecture. Host the application with existing architecture on an Amazon EC2 instance in a private subnet in each Availability Zone with EC2 Auto Scaling groups. Secure the EC2 instance with security groups and network access control lists (network ACLs).
- B. Set up security groups and network access control lists (network ACLs) to control access to the database layer. Set up a single Amazon RDS database in a private subnet.
- C. Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier.
- D. Use a single Amazon RDS database. Allow database access only from the application tier security group.
- E. Use Elastic Load Balancers in front of the web tier. Control access by using security groups containing references to each layer's security groups.
- F. Use an Amazon RDS database Multi-AZ cluster deployment in private subnets. Allow database access only from application tier security groups.
Correct answer: C, E, F
Explanation
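Refactoring the application into separate web, application, and database tiers, each in its own private subnet across two Availability Zones (Option C), lets the web and application tiers scale through Auto Scaling groups and isolates faults between tiers. Placing Elastic Load Balancers in front of the web tier and controlling access with security groups that reference each layer's security groups (Option E) provides secure, scalable traffic routing and adheres to the principle of least privilege between tiers. An Amazon RDS Multi-AZ cluster deployment in private subnets, reachable only from the application tier security groups (Option F), provides database high availability and resilience, whereas a single RDS database (Options B and D) is a single point of failure. Option A keeps the existing architecture on each EC2 instance, so the tiers are never separated.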