You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets.
One instance is running a database and the other instance an application that will interface with the database.
You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? Choose 2 answers.
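A. A network ACL that allows communication between the two subnets
B. Both instances are the same instance class and using the same Key-pair
C. That the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate
D. Security groups are set to allow the application host to talk to the database on the right port/protocol

Answer - A and D.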
When you design a web server and database server, the security groups must be defined so that the web server can talk to the database server.
An example image from the AWS documentation is given below.
Also, when communicating between subnets, you need to have the NACLs defined.
For more information on VPC and subnets, please visit the URL below:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

The correct answers for this question are A and D.
A. A network ACL that allows communication between the two subnets: Network ACLs act as a firewall for controlling traffic to and from subnets in a VPC. By default, all traffic is blocked in and out of a subnet. Therefore, you need to confirm that there is a network ACL rule allowing traffic to pass between the two subnets. Network ACLs operate at the subnet level, so you need to ensure that the network ACLs of both subnets have rules allowing traffic between them.
D. Security groups are set to allow the application host to talk to the database on the right port/protocol: Security groups act as virtual firewalls that control inbound and outbound traffic to and from EC2 instances. You need to confirm that the security group of the database instance allows incoming traffic from the security group of the application instance on the right port/protocol.
B. Both instances are the same instance class and using the same Key-pair: This option is not relevant to the question because instance class and key-pair do not affect communication between instances in a VPC.
C. That the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate: This option is also not relevant to the question. A default route is needed for instances in private subnets to reach the internet, but the question does not require internet access for the instances to communicate with each other.
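The two checks behind answers A and D can be modelled offline. The following is an added example, not part of the original page or of any AWS tooling; all addresses, ports, group IDs and function names are constructed for illustration. It goes slightly beyond the explanation above by also checking the return path, because network ACLs are stateless while security groups are stateful.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the original page).
APP_IP, DB_IP, DB_PORT = "10.0.1.10", "10.0.2.20", 3306
APP_SG, DB_SG = "sg-app", "sg-db"

def nacl_allows(rules, peer_ip, port):
    """Network ACL: rules are checked in ascending rule number; first match wins."""
    for _num, cidr, lo, hi, action in sorted(rules):
        if ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False  # the final '*' rule denies anything left unmatched

def sg_allows(rules, peer_ip, peer_sg, port):
    """Security group: allow rules only; a source is a CIDR or another group's ID."""
    for source, lo, hi in rules:
        if source.startswith("sg-"):
            src_ok = source == peer_sg
        else:
            src_ok = ip_address(peer_ip) in ip_network(source)
        if src_ok and lo <= port <= hi:
            return True
    return False

def failed_checks(cfg, client_port=49152):
    """Return the names of the checks that fail; an empty list means app -> DB works."""
    checks = {
        "app SG egress": sg_allows(cfg["app_sg_out"], DB_IP, DB_SG, DB_PORT),
        "app subnet NACL outbound": nacl_allows(cfg["app_nacl_out"], DB_IP, DB_PORT),
        "db subnet NACL inbound": nacl_allows(cfg["db_nacl_in"], APP_IP, DB_PORT),
        "db SG ingress": sg_allows(cfg["db_sg_in"], APP_IP, APP_SG, DB_PORT),
        # Security groups are stateful, so the reply needs no SG rule. NACLs are
        # stateless: the reply to the client's ephemeral port needs its own rules.
        "db subnet NACL outbound": nacl_allows(cfg["db_nacl_out"], APP_IP, client_port),
        "app subnet NACL inbound": nacl_allows(cfg["app_nacl_in"], DB_IP, client_port),
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed working configuration: app subnet 10.0.1.0/24, DB subnet 10.0.2.0/24.
GOOD = {
    "app_sg_out": [("0.0.0.0/0", 0, 65535)],
    "db_sg_in": [(APP_SG, DB_PORT, DB_PORT)],
    "app_nacl_out": [(100, "10.0.2.0/24", DB_PORT, DB_PORT, "allow")],
    "db_nacl_in": [(100, "10.0.1.0/24", DB_PORT, DB_PORT, "allow")],
    "db_nacl_out": [(100, "10.0.1.0/24", 1024, 65535, "allow")],
    "app_nacl_in": [(100, "10.0.2.0/24", 1024, 65535, "allow")],
}
```

Calling `failed_checks` on a variant of `GOOD` names the layer that blocks the connection, which is the order in which to inspect the VPC settings.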