AWS Certified Solutions Architect – Associate (SAA-C03) — Question 779

A company wants to set up Amazon Managed Grafana as its visualization tool. The company wants to visualize data from its Amazon RDS database as one data source. The company needs a secure solution that will not expose the data over the internet.

Which solution will meet these requirements?

Answer options

• A. Create an Amazon Managed Grafana workspace without a VPC. Create a public endpoint for the RDS database. Configure the public endpoint as a data source in Amazon Managed Grafana.
• B. Create an Amazon Managed Grafana workspace in a VPC. Create a private endpoint for the RDS database. Configure the private endpoint as a data source in Amazon Managed Grafana.
• C. Create an Amazon Managed Grafana workspace without a VPCreate an AWS PrivateLink endpoint to establish a connection between Amazon Managed Grafana and Amazon RDS. Set up Amazon RDS as a data source in Amazon Managed Grafana.
• D. Create an Amazon Managed Grafana workspace in a VPC. Create a public endpoint for the RDS database. Configure the public endpoint as a data source in Amazon Managed Grafana.

Correct answer: B

Explanation

Option B is correct because configuring the Amazon Managed Grafana workspace to connect to a VPC allows it to access resources securely using private IP addresses. By pairing this with an Amazon RDS private endpoint, all traffic remains within the AWS network and is never exposed to the public internet. Options A, C, and D are incorrect because they either utilize public endpoints or fail to configure the Grafana workspace inside a VPC to access private VPC resources directly.