Exam AWS Certified Solutions Architect - Professional topic 1 question 10 discussion

As per CG expert It can't be A because the scenario specifically requires persistence. According to http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.db.html "A database instance that is part of your environment is tied to the lifecycle of your environment. If you terminate the environment, the database instance is terminated as well. An integrated database instance also cannot be removed from your environment once added." It can't be B because we never have access to the IP address of any RDS instance. C & D are very similar except that the scenario requirements specifically state that optimal security should be applied. It can't be D because RDS is opened to all "hosts in your application subnets" where C only opens RDS to specific client machines in a specific security group. C is the correct answer.

C. Create your RDS instance separately and pass its DNS name to your app's DB connection string as an environment variable. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.

How on Earth is A marked correct. As part of your Beanstalk means when it get terminated, you loose your data. C is the only answer that makes sense. c

A cannot be because when you deploy RDS with EB, you dont get to manage the SGs. This is only available when RDS is created independently.

C is perfect

I believe C as the correct answer.

I believe C as the correct answer.

It seems the question is not very clear or missing something. Just compare the answers as below, I choose C. A is not the kind of answer in the group (may not be the right answer) B DNS, not IP should be used (also it is not the kind of answer in the group beside A) C is better than D. As security group are source is more secure than subnet CIDR.

we have two requirements: a) roll out sanitized set of production data nightly b) grant access to ec2 instances in our vpc(operated by others) Now a) is a very interesting requirement. It says data should *not* be kept but replaced every night. *This database is not the source of truth*. *It should not be persisted* This means nightly recreation is not only an option but mandatory. Keeping old unsanitized data is against this requirement. The only answer that in some way addresses requirement a) is answer A. The database is recreated with deployment which can happen over night. Requirement b is fulfilled by security group setting.

A is correct because it's required in testing environment only.

A is correct because it's required in testing environment only.

Agree with C. RDS should be separate.

I’ll go with C.

C Correct

C is the. answer

I choose C. How do they choose the correct answer, random?

A is correct !