You have a set of applications, databases and web servers hosted in AWS.
The web servers are placed behind an ELB.
There are separate security groups for the application, database and web servers.
The security groups have been defined accordingly.
There is an issue with the communication between the application and database servers.
In order to troubleshoot the issue between just the application and database server, what is the ideal set of MINIMAL steps you would take?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - A.
Here since the communication would be established inward to the database server and outward from the application server, you need to ensure that the Outbound rules for application server security groups and the Inbound rules for database server security groups are checked.
Option B is incorrect because it says that we need to check the outbound security group for the database, which is unnecessary.
Option C is incorrect because you do not need to check for the Outbound security rules for the database security group.
Option D is incorrect because you do not need to check for Inbound security rules for the application security group.
For more information on Security Groups, please refer to the below URL:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.htmlTo troubleshoot the issue between just the application and database server, you should follow these steps:
Step 1: Identify the security groups for the application and database servers The security groups for the application and database servers should be identified.
Step 2: Check the Inbound security rules for the database security group. The Inbound security rules for the database security group should be checked to ensure that the traffic from the application security group is allowed on the appropriate ports. If the ports are not open, you will need to add a new rule to allow traffic from the application security group.
Step 3: Check the Outbound security rules for the application security group. The Outbound security rules for the application security group should be checked to ensure that the traffic to the database security group is allowed on the appropriate ports. If the ports are not open, you will need to add a new rule to allow traffic to the database security group.
Step 4: Test the connectivity between the application and database servers Once the necessary security group rules have been updated, you should test the connectivity between the application and database servers. If the connectivity issue has been resolved, you should also test the functionality of the application to ensure that it is working properly.
Based on the above steps, the ideal set of minimal steps would be Option A - Check the Inbound security rules for the database security group. Check the Outbound security rules for the application security group. This is because it focuses on the specific security group rules that are most likely to cause communication issues between the application and database servers.