AWS Certified Solutions Architect – Professional — Question 363

Who is responsible for modifying the routing tables and networking ACLs in a VPC to ensure that a DB instance is reachable from other instances in the VPC?

Answer options

• A. AWS administrators
• B. The owner of the AWS account
• C. Amazon
• D. The DB engine vendor

Correct answer: B

Explanation

Under the AWS Shared Responsibility Model, the customer (the AWS account owner) is fully responsible for configuring and securing their own network resources, including routing tables and network ACLs within their VPC. Amazon/AWS manages the underlying cloud infrastructure but does not control customer-defined network access rules. The DB engine vendor only provides the database software and has no access to or responsibility for the customer's AWS network configuration.