An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC A. The application requires access to a database in VPC B. Both VPCs are in the same AWS account. Which solution will provide the required access MOST securely?
- A. Create a DB instance security group that allows all traffic from the public IP address of the application in VPC A.
- B. Configure a VPC peering connection between VPC A and VPC B.
- C. Make the DB instance publicly accessible. Assign a public IP address to the DB instance.
- D. Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.
My answer is: A.
The reason is, VPC A and VPC B are both in the same AWS account. There is an Elastic IP on the EC2 instance. An Elastic IP is a public IP, but even though it is public, the IP will not change. So this static IP does not behave like a normal public IP address. So even though it is exposed to the public, the IP address cannot be owned by someone else, because it is an Elastic IP address owned by the AWS account.
B is wrong according to me. The reason is that with VPC peering, all the resources within VPC A and VPC B will get access to each other. I think this is not a good practice.
Considering the above two concerns, I think the answer would be A. Am I correct?
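For reference, the peering setup in option B written out as Terraform, as an added example that is not part of the original post: a peering connection carries no traffic until routes exist on both sides, and security groups still apply to traffic that crosses it, so the database can be limited to one port from one subnet. All variable names, CIDRs and the DB port are assumed placeholders.

```hcl
# Added example (not from the original post): VPC peering between VPC A and
# VPC B with database access scoped to a single port and subnet.
# All variables, CIDRs and ports below are assumed placeholders.
resource "aws_vpc_peering_connection" "a_to_b" {
  vpc_id      = var.vpc_a_id   # requester: VPC A
  peer_vpc_id = var.vpc_b_id   # accepter: VPC B
  auto_accept = true           # same account and region, so it can be accepted inline
}

# Routes are required in both directions; the peering connection alone
# forwards nothing.
resource "aws_route" "a_to_b" {
  route_table_id            = var.vpc_a_route_table_id
  destination_cidr_block    = "10.1.0.0/16"   # assumed VPC B CIDR
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
}

resource "aws_route" "b_to_a" {
  route_table_id            = var.vpc_b_route_table_id
  destination_cidr_block    = "10.0.0.0/16"   # assumed VPC A CIDR
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
}

# Security groups still gate traffic over the peering link. Only the DB port,
# and only from the application's private subnet in VPC A, is allowed in;
# the rest of VPC A gets no path to the database.
resource "aws_security_group" "db" {
  name   = "db-from-app-subnet"
  vpc_id = var.vpc_b_id

  ingress {
    from_port   = 3306              # assumed MySQL-compatible DB port
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["10.0.1.0/24"]   # assumed application subnet in VPC A
  }
  # No egress rule is needed for replies: security groups are stateful.
}
```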