You want to set up a public website on AWS. Your requirements are as follows.
 You want the database and the application server running on AWS VPC. You want the database to be able to connect to the Internet, specifically for patch upgrades.
You do not want to receive any incoming requests from the Internet to the database.
Which of the following solutions would best satisfy all these requirements? 

Answer options:

A.Set up the database in a private subnet with a security group that only allows outbound traffic.
B.Set up the database in a public subnet with a security group that only allows inbound traffic.
C.Set up the database in a local data center and use a private gateway to connect the application to the database.
D.Set up the public website on a public subnet and setup the database in a private subnet that connects to the Internet via a NAT Gateway.

Correct Answer – D
The below diagram from AWS Documentation showcases this architecture.
For more information on the VPC Scenario for public and private subnets, please visit the link below.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html