AWS Certified Solutions Architect – Professional — Question 989
A company is migrating a legacy application from an on-premises data center to AWS. The application uses MongoDB as a key-value database. According to the company's technical guidelines, all Amazon EC2 instances must be hosted in a private subnet without an internet connection. In addition, all connectivity between applications and databases must be encrypted. The database must be able to scale based on demand.
Which solution will meet these requirements?
Answer options
- A. Create new Amazon DocumentDB (with MongoDB compatibility) tables for the application with Provisioned IOPS volumes. Use the instance endpoint to connect to Amazon DocumentDB.
- B. Create new Amazon DynamoDB tables for the application with on-demand capacity. Use a gateway VPC endpoint for DynamoDB to connect to the DynamoDB tables.
- C. Create new Amazon DynamoDB tables for the application with on-demand capacity. Use an interface VPC endpoint for DynamoDB to connect to the DynamoDB tables.
- D. Create new Amazon DocumentDB (with MongoDB compatibility) tables for the application with Provisioned IOPS volumes. Use the cluster endpoint to connect to Amazon DocumentDB.
Correct answer: B
Explanation
Amazon DynamoDB is a fully managed key-value database that supports on-demand capacity, allowing it to scale automatically to accommodate workload traffic. To connect to DynamoDB from private subnets without internet access, a gateway VPC endpoint should be used because it is free of charge and provides direct, private routing to DynamoDB. Requests to the DynamoDB API are made over HTTPS, which covers the requirement that connectivity between the application and the database be encrypted. Amazon DocumentDB does not utilize "tables" (it uses collections) and does not natively support on-demand capacity scaling in the same manner as DynamoDB.