What should the database specialist do to meet this requirement?

By:
On:
In: DBS-C01
Tagged:
With: 0 Comments
A gaming company uses Amazon Aurora Serverless for one of its internal applications.The company’s developers use Amazon RDS Data API to work with theAurora Serverless DB cluster.After a recent security review, the company is mandating security enhancements.A database specialist must ensure that access toRDS Data API is private and never passes through the public internet.

What should the database specialist do to meet this requirement?

Modify the Aurora Serverless cluster by selecting a VPC with private subnets.

Modify the Aurora Serverless cluster by unchecking the publicly accessible option.

Create an interface VPC endpoint that uses AWS PrivateLink for RDS Data API.

Create a gateway VPC endpoint for RDS Data API.

Explanations:

Modifying the Aurora Serverless cluster to use private subnets ensures the database cluster itself is private, but it does not ensure that access to the RDS Data API does not pass through the public internet.

Making the Aurora Serverless cluster not publicly accessible restricts external access to the database but does not guarantee that requests to the RDS Data API avoid the public internet.

Creating an interface VPC endpoint with AWS PrivateLink for RDS Data API allows all traffic to the RDS Data API to remain within the AWS network, ensuring private access without traversing the public internet.

Gateway VPC endpoints only support AWS services like S3 and DynamoDB; they do not support RDS Data API. Therefore, this option does not apply here.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × 1 =