AWS Certified SysOps Administrator – Associate (legacy) — Question 919

A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection.
Which of the following may be causes of the connectivity problems? (Choose two.)

Answer options

• A. The security group for the database does not have the appropriate egress rule from the database to the web server.
• B. The certificate used by the web server is not trusted by the RDS instance.
• C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
• D. The database is still being created and is not available for connectivity.

Correct answer: A, C

Explanation

Security groups in AWS act as stateful firewalls, meaning both ingress rules (to allow incoming traffic from the web server to the database) and egress rules (to allow outgoing traffic back to the web server) must be correctly configured for successful communication. Since the database is accessible from a bastion host, it is already fully created and running, which eliminates option D. Option B is incorrect because certificate trust issues would produce SSL/TLS handshake errors rather than a generic database connection failure.