Exam AWS Certified Database - Specialty topic 1 question 231 discussion

Option C is correct. Option D has a slight caveat. While, you could create a new DMS subnet group (within DMS console) with private subnets however, you can't attach this newly subnet group to an existing DMS instance. This isn't supported and I have tested that in AWS console. What this note (https://repost.aws/knowledge-center/dms-disable-public-access) is describing is slightly different than some of us are interpreting and choosing option D. As per this note, you could remove the public subnets and choose only the private subnets of an EXISTING SUBNET Group and I've tried this. I modified the existing subnet group of an existing DMS instance. I removed all public subnets and chose only 2 private subnets. This worked however, option D is not talking about modifying an existing subnet group. It is saying that we should create a new subnet group and associate that with existing DMS instance which I've already mentioned above is an unsupported option at this moment. Therefore option D is incorrect.

D is most easy way to fix the issue. https://aws.amazon.com/premiumsupport/knowledge-center/dms-disable-public-access/ To disable public access to your replication instance, delete the replication instance and then recreate it. Before you can delete a replication instance, you must delete all the tasks that use the replication instance. Instead of recreating the replication instance, you can change the subnets that are in the subnet group that is associated with the replication instance to private subnets.

I vote D

it's C https://repost.aws/knowledge-center/dms-disable-public-access

Changing the instance from Public to Private would require deleting all the taskj, delete the replication instance, recreate the instance, recreate the tasks... From the Knowledge Center: "Instead of recreating the replication instance, you can change the subnets that are in the subnet group that is associated with the replication instance to private subnets."

https://aws.amazon.com/premiumsupport/knowledge-center/dms-disable-public-access/ - C is the answer

I would try D, and looking the comments shouldn't be any problem.

The question is confusing because it says that the "replication instance must not be accessible from public" which means it should be in a private subnet group which also means that the instance must be dropped and re-created in the private subnet group but the option doesn't say to re-create the instance. IP addresses.

Answer is D: Instead of recreating the replication instance, you can change the subnets that are in the subnet group that is associated with the replication instance to private subnets. A private subnet is a subnet that isn't routed to an internet gateway. Instances in a private subnet can't communicate with a public IP address, even if they have a public IP address. For more information, see Setting up a network for a replication instance. https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.VPC.html

D as it is indeed possible to change subnet group to private according to https://aws.amazon.com/premiumsupport/knowledge-center/dms-disable-public-access Actually, C and D are correct, but D could be easier

C. D is wrong . We cannot modify DMS instance to assign a new subnet group with private subnets .

C will ensure there will be no public access

Dx : Not create VPC subnet. Change the subnets that are in the subnet group that is associated with the replication instance to private subnets.

https://aws.amazon.com/premiumsupport/knowledge-center/dms-disable-public-access/

From link provided, obviously C or D would work. I'd vote D, as it would be an easier fix. Kind of a dumb question, as there are two legit answers.

C is correct

delete and create again with new publicly accessible option. https://aws.amazon.com/premiumsupport/knowledge-center/dms-disable-public-access/