Your company is planning on hosting a set of EC2 Instances in AWS. The Instances would be configured in a way that one will be used as a web tier and the other as a database (EC2 Hosted). The web tier should be exposed to the Internet in the Public Subnet and Database is in Private Subnet in the same VPC with the default configuration. What configuration needs to be done in order to let Web Server communicate with Database Server?

Answer options:

A.Change the main route tables to have the desired routing between the subnets
B.Ensure that the Security Groups have the required rules defined to allow traffic
C.Ensure that all instances have a public IP for communication
D.Ensure that all subnets are defined as public subnets

Answer – B
The AWS Documentation mentions the following
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don`t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC
Main route table
The first entry is the default entry for local routing in the VPC; this entry enables the instances in the VPC to communicate with each other.
Destination
Target
10.0.0.0/16
local
Option A is invalid since the main route table will have the required rules to route traffic between subnets in a VPC (By default). No change is required there.
Refer below URL for more details,
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html#VPC_Scenario2_Routing
Option C is invalid since the instances would communicate with each other on the private IP
The primary reason to use the Private IP of an EC2 instance is to route the traffic internally within your VPC.If you use the private IP to communicate, traffic will stay within the VPC, it will not be routed out, the routing table will route it internally
Option D is invalid since the database should be in the private subnet and not the public subnet
This question asks for communication between subnets.
For more information on Security Groups, please visit the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.htm