AWS Certified Solutions Architect – Professional — Question 846

A new application is running on Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. The application uses an Amazon Aurora MySQL database.
The application and the database run in the same subnets of a VPC with distinct security groups that are configured.
The password for the database is stored in AWS Secrets Manager and is passed to the application through the DB_PASSWORD environment variable. The hostname of the database is passed to the application through the DB_HOST environment variable. The application is failing to access the database.
Which combination of actions should a solutions architect take to resolve this error? (Choose two.)

Answer options

• A. Ensure that the container has the environment variable with name "DB_PASSWORD" specified with a ג€ValueFromג€ and the ARN of the secret.
• B. Ensure that the container has the environment variable with name "DB_PASSWORD" specified with a ג€ValueFromג€ and the secret name of the secret.
• C. Ensure that the Fargate service security group allows inbound network traffic from the Aurora MySQL database on the MySQL TCP port 3306.
• D. Ensure that the Aurora MySQL database security group allows inbound network traffic from the Fargate service on the MySQL TCP port 3306.
• E. Ensure that the container has the environment variable with name "DB_HOST" specified with the hostname of a DB instance endpoint.
• F. Ensure that the container has the environment variable with name "DB_HOST" specified with the hostname of the DB cluster endpoint.

Correct answer: A, D

Explanation

To resolve the connection issue, the database's security group must permit inbound traffic on TCP port 3306 from the Fargate service's security group. Additionally, to correctly retrieve the database password from AWS Secrets Manager and inject it into the container, the ECS task definition must reference the secret's full ARN in the "valueFrom" parameter of the environment variable definition.