AWS Web Application Hosting: Secure Setup

Connect EC2 Instance to Oracle Database: Secure Configuration

Prev Question Next Question

Question

You have planned to host a web application on AWS.

You create an EC2 Instance in a public subnet that needs to connect to an EC2 Instance that will host an Oracle database.

Which steps would ensure a secure setup? (SELECT TWO)

Answers

A. Place the EC2 Instance with the Oracle database in the same public subnet as the Webserver for faster communication.

B. Place the ec2 instance that will host the Oracle database in a private subnet.

C. Create a database Security group which allows incoming traffic only from the Web server`s security group.

D. Ensure that the database security group allows incoming traffic from 0.0.0.0/0.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer - B and C.

The best and most secure option is to place the database in a private subnet.

The below diagram from AWS Documentation shows this setup.

Also, you ensure that access is not allowed from all sources but only from the web servers.

Option A is incorrect because DB instances are placed in Private subnets and allowed to communicate with web servers in the public subnet as per the best practice guidelines.

Option D is incorrect because allowing all incoming traffic from the Internet to the DB instance is a security risk.

For more information on this type of setup, please refer to the below URL:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html

$198.51. 198.51] 198.51. \t 100.1 IP) 10.0.0.5 ea 02 ecg gaa | 100.3 (Elastic IP) 10.0.0.7 NAT gateway ‘Web servers 198 51.100.4 (Elastic IP) Public subnet Custom route table Destination Target 10.0.0.0/16 local 0.0.0.0/0 igw-id a Main route table Destination Target 10.0.0.0/16 local 0.0.0.0/0 nat-gateway-id 10.0.0.0/16 Region$

The most secure way to host a web application on AWS and ensure secure communication between the web server and the database is to place the web server in a public subnet and the database server in a private subnet. This will ensure that the database server is not directly accessible from the internet.

Therefore, options A and D are not correct.

The correct steps to ensure a secure setup are:

B. Place the EC2 instance that will host the Oracle database in a private subnet: A private subnet is not directly accessible from the internet, which provides an additional layer of security. The web server in the public subnet can still communicate with the database server using private IP addresses, but the database server is not exposed to the public internet.

C. Create a database Security group which allows incoming traffic only from the Web server's security group: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. By creating a security group for the database server, you can ensure that only traffic from the web server's security group is allowed to access the database server. This minimizes the attack surface and reduces the risk of unauthorized access to the database.

Therefore, options B and C are the correct choices.

Prev Question Next Question