AWS Certified SysOps Administrator SOA-C01 – Question016

You need to design a VPC for a web application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database. The entire infrastructure must be distributed over 2 availability zones.
Which VPC configuration works while assuring the database is not available from the Internet?

A. One public subnet for ELB, one public subnet for the web-servers, and one private subnet for the database
B. One public subnet for ELB, two private subnets for the web-servers, two private subnets for RDS
C. Two public subnets for ELB, two private subnets for the web-servers, and two private subnets for RDS
D. Two public subnets for ELB, two public subnets for the web-servers, and two public subnets for RDS

Correct Answer: C

Explanation:

When using ELB for web applications, ensure that you place all other EC2 instances in private subnets wherever possible.
Unless there is an explicit requirement for an instance to have outside-world access with an Elastic IP attached, place all the instances in private subnets only. In the Amazon VPC environment, as a secure practice, only ELBs must be in the public subnet. You will need to select a subnet for each Availability Zone where you wish traffic to be routed by your load balancer.
If you have instances in only one Availability Zone, please select at least two Subnets in different Availability Zones to provide higher availability for your load balance