Your team is planning to develop and deploy an application onto AWS with the following architecture.
· A set of EC2 Instances in a VPC hosting the web tier
· A database hosted using the AWS RDS MySQL instance
Which of the following should ideally be set so that only HTTPS users can access the web application and for the web application to access the database? (Choose 2)

Answer options:

A.An Inbound Security group rule for the web EC2 Instances allowing traffic from the source of 0.0.0.0/0 and port 443
B.An Inbound Security group rule for the database layer allowing traffic from the source of 0.0.0.0/0 and port 443
C.An Inbound Security group rule for the web EC2 Instances allowing traffic from the source of the database on port 3306
D.An Inbound Security group rule for the database layer allowing traffic from the source of the web layer on port 3306

Answer – A and D
Option A is correct because port 443 will allow only HTTPS traffic from all sources.
Option D is correct because the Database server Security Group must allow traffic from the source Web server on port 3306.
Option B is invalid since the database should not be exposed to the Internet.
Option C is invalid since the database security group should allow incoming traffic on port 3306.
Please refer to the below URL and go to the Security section for more information on this scenario.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html