AWS Certified Solutions Architect – Professional (SAP-C02) — Question 318

A company is migrating a legacy application from an on-premises data center to AWS. The application uses MongoDB as a key-value database. According to the company's technical guidelines, all Amazon EC2 instances must be hosted in a private subnet without an internet connection. In addition, all connectivity between applications and databases must be encrypted. The database must be able to scale based on demand.

Which solution will meet these requirements?

Answer options

• A. Create new Amazon DocumentDB (with MongoDB compatibility) tables for the application with Provisioned IOPS volumes. Use the instance endpoint to connect to Amazon DocumentDB.
• B. Create new Amazon DynamoDB tables for the application with on-demand capacity. Use a gateway VPC endpoint for DynamoDB to connect to the DynamoDB tables.
• C. Create new Amazon DynamoDB tables for the application with on-demand capacity. Use an interface VPC endpoint for DynamoDB to connect to the DynamoDB tables.
• D. Create new Amazon DocumentDB (with MongoDB compatibility) tables for the application with Provisioned IOPS volumes. Use the cluster endpoint to connect to Amazon DocumentDB.

Correct answer: B

Explanation

Amazon DynamoDB is a fully managed NoSQL database service that natively supports key-value data models and offers an on-demand scaling mode to automatically adjust capacity. Because the EC2 instances are in a private subnet without internet access, a gateway VPC endpoint is the standard and cost-effective mechanism to establish secure, private, and encrypted connectivity to DynamoDB. While DocumentDB is compatible with MongoDB, it is a document database rather than a pure key-value store and does not scale as seamlessly on-demand as DynamoDB.