A Startup company is launching a three-tier application with the Multicontainer Docker platform. This application needs to be integrated with the Amazon RDS database instance. The application will be launched using AWS Elastic Beanstalk. As an AWS consultant for this company, you need to design the environment for blue/green deployment and decoupled architecture in the production environment. What would you recommend for integrating the Amazon RDS database with AWS Elastic Beanstalk?

Answer options:

A.Launch Amazon RDS instance within the same AWS Elastic Beanstalk environment, setting connection string to the database in environment properties.
B.Launch Amazon RDS instance outside the AWS Elastic Beanstalk environment storing the connection string in the S3 bucket.
C.Launch Amazon RDS instance within the same AWS Elastic Beanstalk environment storing the connection string in the S3 bucket.
D.Launch Amazon RDS instance outside AWS Elastic Beanstalk environment, setting connection string to the database in environment properties.

Correct Answer – B
AWS Elastic Beanstalk provisions and configures all the AWS resources required to run and support your application. For the Amazon RDS database instance to be launched in the production environment, the best practice is to launch it outside the AWS Elastic Beanstalk environment. It helps in having multiple environments connecting to a single database, using database types not supported with the integrated database, performing blue/green deployments. Also, the database instance remains up & running when the AWS Elastic Beanstalk environment is terminated.
For a production environment, you can launch a database instance outside of your environment and configure your application to connect to it outside of the functionality provided by Elastic Beanstalk. Using a database instance that is external to your environment requires additional security group and connection string configuration.
Providing connection information to your application with environment properties is a good way to keep passwords out of your code, but it`s not a perfect solution. Environment properties are discoverable in the environment management console and can be viewed by any user with permission to describe configuration settings on your environment. Depending on the platform, environment properties may also appear in instance logs.
You can lock down your connection information by storing it in an Amazon S3 bucket that you control. The basic steps are as follows:
Upload a file that contains your connection string to an Amazon S3 bucket.
Grant the EC2 instance profile permission to read the file.
Configure your application to download the file during deployment.
Read the file in your application code.
Option A is incorrect as launching Amazon RDS in an AWS Elastic Beanstalk environment is suitable for test/development purposes & not for a production environment. If the AWS Elastic Beanstalk environment is terminated, the Amazon RDS database instance is also terminated.
Option C is incorrect as launching Amazon RDS in an AWS Elastic Beanstalk environment is suitable for test/development purposes & not for the production environment.
Option D is incorrect. When the Amazon RDS instance is launched outside the AWS Elastic Beanstalk environment, the best practice is to save the connection string in the Amazon S3 bucket.
For more information on launching Amazon RDS instance with AWS Elastic Beanstalk and storing the connection string, refer to the following URLs-
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.db.html
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.RDS.html
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/rds-external-credentials.html