How can the user set this up?

By:
In: SAP-C01
Tagged:
With: 2 Comments
A user is hosting a public website on AWS.The user wants to have the database and the app server on the AWS VPC.The user wants to setup a database that can connect to the Internet for any patch upgrade but cannot receive any request from the internet.

How can the user set this up?

Setup DB in a private subnet with the security group allowing only outbound traffic.

Setup DB in a public subnet with the security group allowing only inbound data.

Setup DB in a local data center and use a private gateway to connect the application with DB.

Setup DB in a private subnet which is connected to the internet via NAT for outbound.

Explanations:

Setting up the database in a private subnet with a security group that allows only outbound traffic would not allow the database to connect to the internet for patch upgrades since there would be no NAT or route to facilitate the outbound connection.

Placing the database in a public subnet with inbound data allowed would expose it to the internet, violating the requirement that the database cannot receive any requests from the internet.

Setting up the database in a local data center would not utilize AWS resources effectively and complicates connectivity. Additionally, it does not fulfill the requirement to have the database within the AWS VPC.

Setting up the database in a private subnet with a NAT gateway allows outbound internet access for patch upgrades while ensuring that the database remains inaccessible from the internet, meeting all specified requirements.

2026-04-02

2 Comments

  1. Lawrence
    Author

    I deduce that the answer is:
    Setup DB in a private subnet which is connected to the internet via NAT for outbound.

  2. James
    Author

    I assess that the answer is:
    Setup DB in a private subnet which is connected to the internet via NAT for outbound.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 + ten =