Q61 — AWS SOA-C02 Ch.1
A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2 instances in eu-central-1 are unable to connect to the database in us-east-1. What is the MOST operationally efficient solution that will resolve this connectivity issue?
- A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group. ✓
- B. Create a VPC peering connection between the two Regions. Add the security group of the instances in eu-central-1 to the outbound rule of the database security group.
- C. Create a VPN connection between the two Regions. Add the private IP address range of the instances to the outbound rule of the database security group.
- D. Create a VPN connection between the two Regions. Add the security group of the instances in eu-central-1 to the inbound rule of the database security group.
Correct Answer: A. Create a VPC peering connection between the two Regions. Add the private IP address range of the instances to the inbound rule of the database security group.
Explanation
Cross-Region VPC communication is achieved through a VPC peering connection. Under the AWS security group model, inbound traffic is authorized either by a source IP address range or by a security group reference. Because the database resides in us-east-1 and must accept access from the EC2 instances in eu-central-1, once the inter-Region VPC peering connection is established, the private IP address range of the eu-central-1 instances must be added to the inbound rule of the database security group. This directly permits database connection requests from that source range and avoids the complications of referencing a security group across Regions. Options B and C modify the outbound rule, which does not control traffic arriving at the database. A VPN connection is also feasible, but it requires additional gateway configuration, so it is less operationally efficient than VPC peering.