Which combination of solutions will meet these requirements?
(Choose three.)
Create a VPC across two Availability Zones with the application’s existing architecture. Host the application with existing architecture on an Amazon EC2 instance in a private subnet in each Availability Zone with EC2 Auto Scaling groups. Secure the EC2 instance with security groups and network access control lists (network ACLs).
Set up security groups and network access control lists (network ACLs) to control access to the database layer. Set up a single Amazon RDS database in a private subnet.
Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier.
Use a single Amazon RDS database. Allow database access only from the application tier security group.
Use Elastic Load Balancers in front of the web tier. Control access by using security groups containing references to each layer’s security groups.
Use an Amazon RDS database Multi-AZ cluster deployment in private subnets. Allow database access only from application tier security groups.
Explanations:
While hosting the application across two Availability Zones is a good practice for high availability, using a single EC2 instance in each Availability Zone (without a load balancer and without proper fault tolerance) does not meet the best practices for scalability and resiliency.
Using a single Amazon RDS database in a private subnet lacks the redundancy and high availability needed for a well-architected solution. AWS recommends using a Multi-AZ deployment for better resiliency.
Refactoring the application to use separate private subnets for each tier (web, application, database) aligns with best practices for security, scalability, and resiliency. Additionally, using Auto Scaling groups ensures scalability for the web and application tiers.
A single RDS database is not ideal for high availability. AWS best practices suggest using a Multi-AZ deployment for RDS to ensure redundancy.
Using Elastic Load Balancers for the web tier ensures scalability and fault tolerance. Security groups controlling access between layers ensure a secure and well-architected design.
An Amazon RDS Multi-AZ deployment provides high availability and durability for the database. Restricting database access to the application tier via security groups enhances security.
I have a feeling that the answer is:
Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier.