Achieving Secure Communication Between AWS Regions for MySQL Cluster Disaster Recovery

Question

You have a MySQL cluster that is hosted in AWS.

The nodes in the cluster currently work with private IP addresses.

There is a self-referencing security group that is used for securing access across the nodes of the cluster.

There is now a requirement to put disaster recovery in place for these nodes in another AWS region, with database replication to that region and only private access enabled.

How can you achieve communication across the nodes between different AWS regions securely?

Answers

Explanations

Answer - D.

You need to use a VPN IPSec tunnel for secure communication across the Internet between the regions.

Option A is invalid because using public IP addresses over the Internet is not a secure way to communicate.

Option B is invalid because private IP addresses are not routable via the Internet.

Option C is invalid because a security group cannot be referenced across regions.

For more information on VPN connections, refer to the URL below.

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html

To achieve communication across the nodes between different AWS regions securely, we have multiple options to choose from.

Option A, which suggests using public IP addresses and SSL certificates for secure communication, is not recommended as it introduces unnecessary security risks by exposing the cluster to the internet.

Option B, which suggests using private IP addresses and SSL certificates for secure communication, is a good option, but it requires additional configuration to enable communication between different AWS regions.

Option C, which suggests creating a VPN IPSec tunnel and ensuring the nodes in the different region reference the security groups assigned to the nodes in the primary region, is a good option for achieving secure communication between different AWS regions.

By creating a VPN IPSec tunnel between the VPCs in the primary and the disaster recovery region, all traffic between the two VPCs is encrypted, and secure communication is established. To ensure that the nodes in the different region reference the security groups assigned to the nodes in the primary region, we need to add the security group of the primary region to the ingress rules of the security group in the disaster recovery region.

Option D, which suggests creating a VPN IPSec tunnel and ensuring the nodes in the different region reference the VPC CIDR block in their security groups, is also a good option for achieving secure communication between different AWS regions.

By creating a VPN IPSec tunnel between the VPCs in the primary and the disaster recovery region, all traffic between the two VPCs is encrypted, and secure communication is established. To ensure that the nodes in the different region reference the VPC CIDR block in their security groups, we need to add the CIDR block of the primary region to the ingress rules of the security group in the disaster recovery region.
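The following Terraform configuration is an added example and is not part of the original question or its answer. It shows the disaster-recovery side of Option D: an IPsec VPN connection terminating on a virtual private gateway in the DR VPC, a static route to the primary VPC's CIDR through that tunnel, and a security group whose ingress rule admits MySQL traffic only from the primary VPC CIDR over the tunnel (plus a self-referencing rule for intra-cluster traffic, mirroring the primary region's existing group). All region names, CIDR blocks, the VPC ID and the VPN endpoint IP address are assumed placeholder values.

```hcl
# Added example: DR-region side of an IPsec VPN plus a CIDR-scoped security
# group for MySQL replication. Every ID, CIDR and IP below is an assumed
# placeholder; replace them with the values of your own deployment.

provider "aws" {
  alias  = "dr"
  region = "us-west-2" # assumed DR region
}

variable "primary_vpc_cidr" {
  description = "CIDR block of the primary-region VPC (assumed value)"
  default     = "10.0.0.0/16"
}

variable "dr_vpc_id" {
  description = "ID of the DR-region VPC (placeholder)"
  default     = "vpc-REPLACE-ME"
}

variable "primary_vpn_endpoint_ip" {
  description = "Public IP of the IPsec endpoint in the primary region (placeholder)"
  default     = "203.0.113.10" # TEST-NET-3 documentation address
}

# Virtual private gateway attached to the DR VPC; it terminates the IPsec tunnel.
resource "aws_vpn_gateway" "dr" {
  provider = aws.dr
  vpc_id   = var.dr_vpc_id
}

# The primary-region IPsec endpoint is modelled as a customer gateway.
resource "aws_customer_gateway" "primary" {
  provider   = aws.dr
  bgp_asn    = 65000 # unused with static routing, but the argument is required
  ip_address = var.primary_vpn_endpoint_ip
  type       = "ipsec.1"
}

# Site-to-site IPsec VPN between the two regions; no traffic crosses the
# Internet in the clear and no public IP is needed on the MySQL nodes.
resource "aws_vpn_connection" "primary_to_dr" {
  provider            = aws.dr
  vpn_gateway_id      = aws_vpn_gateway.dr.id
  customer_gateway_id = aws_customer_gateway.primary.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# Static route: the primary VPC CIDR is reachable only through the tunnel.
resource "aws_vpn_connection_route" "to_primary" {
  provider               = aws.dr
  destination_cidr_block = var.primary_vpc_cidr
  vpn_connection_id      = aws_vpn_connection.primary_to_dr.id
}

# Security group for the DR MySQL nodes.
resource "aws_security_group" "dr_mysql" {
  provider    = aws.dr
  name        = "dr-mysql-nodes"
  description = "MySQL replication from the primary region over IPsec VPN only"
  vpc_id      = var.dr_vpc_id
}

# Option D: the ingress rule references the primary VPC CIDR block. A
# reference to the primary region's security group ID cannot be used here
# (that is why the answer rejects Option C), so the CIDR is the least-privilege
# selector available: one port, one protocol, one remote CIDR.
resource "aws_vpc_security_group_ingress_rule" "mysql_from_primary" {
  provider          = aws.dr
  security_group_id = aws_security_group.dr_mysql.id
  description       = "MySQL replication traffic from the primary VPC via VPN"
  cidr_ipv4         = var.primary_vpc_cidr
  ip_protocol       = "tcp"
  from_port         = 3306
  to_port           = 3306
}

# Self-referencing rule so the DR cluster nodes can reach each other, the
# same pattern the primary region already uses.
resource "aws_vpc_security_group_ingress_rule" "mysql_intra_cluster" {
  provider                     = aws.dr
  security_group_id            = aws_security_group.dr_mysql.id
  description                  = "Intra-cluster MySQL traffic"
  referenced_security_group_id = aws_security_group.dr_mysql.id
  ip_protocol                  = "tcp"
  from_port                    = 3306
  to_port                      = 3306
}
```

Two pieces are deliberately left out of the block: the DR subnet route tables still need a route to the primary CIDR via the virtual private gateway (for example through `aws_vpn_gateway_route_propagation`), and the primary region needs the matching end of the tunnel with a mirror-image rule admitting port 3306 from the DR VPC CIDR. Note also that the tunnel only protects the network path; MySQL replication itself should still be configured to require TLS on the replication user so that the data is protected end to end and not only between the gateways.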

In summary, both Option C and Option D are good options for achieving secure communication between different AWS regions. The choice between them would depend on the specific requirements and constraints of the deployment.