You are planning to host a web and MySQL database application in an AWS VPC. The database should only be accessible by the web server. What would you change to fulfill this requirement?

Answer options:

A.Environment variables
B.AWS RDS Parameter Groups
C.Route Tables
D.Security groups

Correct Answer – D
The security group associated with the DB instance should allow port 3306 traffic from the EC2 instance. The AWS Documentation additionally mentions the following.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign a maximum of five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don`t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.For more information on VPC Security Groups, please visit the link below.
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html