Which combination of steps does the Database Specialist need to take to meet these new requirements?
(Choose three.)
Modify the pg_hba.conf file. Add the required corporate network IPs and remove the unwanted IPs.
Modify the associated security group. Add the required corporate network IPs and remove the unwanted IPs.
Move the DB instance to a private subnet using AWS DMS.
Enable VPC peering between the application host running on the corporate network and the VPC associated with the DB instance.
Disable the publicly accessible setting.
Connect to the DB instance using private IPs and a VPN.
Explanations:
Modifying the pg_hba.conf file does not directly limit access to the DB instance based on IPs from the corporate network. AWS RDS manages the PostgreSQL configuration and does not provide direct access to modify this file.
Modifying the associated security group to allow only the required corporate network IPs ensures that only these IPs can access the DB instance, meeting the security requirement.
Moving the DB instance to a private subnet using AWS DMS is not necessary to restrict access based on IP. The DB instance can remain in its current subnet as long as the correct security group settings are applied.
VPC peering is not required for this scenario. The access restriction can be handled by the security group and other settings, and VPC peering is typically used for allowing traffic between different VPCs, not limiting IP access.
Disabling the publicly accessible setting ensures that the DB instance is only accessible through private IPs, eliminating direct access from the public internet, which aligns with the security requirement.
Connecting to the DB instance using private IPs and a VPN ensures secure connectivity from the corporate network only. This eliminates exposure to the public internet and restricts access to the corporate network via a private channel.