Which additional configuration strategy should the solutions architect use to meet these requirements?
A. Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.
B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
C. Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.
D. Create a network ACL for the web servers and allow port 443 from the load balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
Explanations:
A. This option opens port 443 to all sources (0.0.0.0/0) for web servers, which violates the principle of least privilege. It is preferable to restrict access to the load balancer only.
B. While network ACLs can control traffic, this option also opens port 443 to all sources for the web servers. Additionally, using network ACLs instead of security groups is less flexible and not necessary for this scenario.
C. This option correctly allows port 443 only from the load balancer to the web servers, which adheres to the principle of least privilege. It also allows port 3306 only from the web servers to the MySQL servers, which is the intended communication path.
D. Similar to option B, this option uses network ACLs instead of security groups. It also opens port 443 from the load balancer, but using network ACLs is not ideal for this architecture, as security groups provide better management and flexibility.