AWS Certified SysOps Administrator – Associate — Question 398
A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection
Which of the following may be causes of the connectivity problems? (Choose two.)
Answer options
- A. The security group for the database does not have the appropriate egress rule from the database to the web server.
- B. The certificate used by the web server is not trusted by the RDS instance.
- C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
- D. The port used by the application developer does not match the port specified in the RDS configuration.
- E. The database is still being created and is not available for connectivity.
Correct answer: C, D
Explanation
The connection failure is likely caused by the database's security group missing an ingress rule to allow incoming traffic from the web server (Option C), or a mismatch between the database port configured in the application and the actual port on the Amazon RDS instance (Option D). Since the database is reachable from a bastion host, it is fully operational, making Option E incorrect. Security groups are stateful, meaning return traffic is automatically allowed, so an egress rule on the database security group (Option A) is not required, and RDS does not validate the web server's SSL certificate for incoming client connections (Option B).
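The two causes named in the explanation can be checked mechanically. The sketch below is an added example, not part of the original question: it evaluates a database security group's ingress rules and the configured ports for a given client. The rule dictionaries follow the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`; every ID, address and port is constructed sample data, and `ingress_allows` and `diagnose` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data in the shape of EC2 DescribeSecurityGroups "IpPermissions".
# All IDs and addresses below are made up for illustration.
BASTION_SG, WEB_SG = "sg-0aaaabastion00001", "sg-0bbbbwebserver002"
BASTION_IP, WEB_IP = "10.0.0.10", "10.0.1.25"
DB_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": BASTION_SG}], "IpRanges": []},
]

def ingress_allows(rules, port, src_ip, src_sg_ids):
    """True if any ingress rule admits TCP `port` from the source IP or one of its groups.

    Only IPv4 CIDR ranges and security-group references are evaluated here.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic and carries no port range.
        if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        if any(p.get("GroupId") in src_sg_ids for p in rule.get("UserIdGroupPairs", [])):
            return True
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
            return True
    return False

def diagnose(rules, rds_port, app_port, src_ip, src_sg_ids):
    """Return findings for options C and D; egress is not checked because
    security groups are stateful and return traffic is allowed automatically."""
    findings = []
    if app_port != rds_port:
        findings.append(f"port mismatch: app uses {app_port}, RDS listens on {rds_port}")
    if not ingress_allows(rules, rds_port, src_ip, src_sg_ids):
        findings.append(f"no ingress rule admits {src_ip} on tcp/{rds_port}")
    return findings

if __name__ == "__main__":
    # The bastion is admitted, which is why the console query works.
    print("bastion:", diagnose(DB_SG_INGRESS, 3306, 3306, BASTION_IP, {BASTION_SG}))
    # The web server is not, and its application is also configured for the wrong port.
    print("web:", diagnose(DB_SG_INGRESS, 3306, 3307, WEB_IP, {WEB_SG}))
```
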