AWS Certified Solutions Architect - Professional / Question #853 of 529

Question #853

A company is migrating their legacy application from an on-premises environment to AWS. The application utilizes a NoSQL database for storing transactional data. The company's guidelines require all Amazon EC2 instances to be deployed in private subnets with no internet access. All communications between the application and database must be encrypted, and the database must automatically scale its capacity in response to workload fluctuations. Which solution meets these requirements?

A

Deploy Amazon DocumentDB (with MongoDB compatibility) clusters using Provisioned IOPS storage. Connect to the database using the cluster endpoint.

B

Configure Amazon DynamoDB tables with on-demand capacity. Use a gateway VPC endpoint for DynamoDB to establish connectivity.

C

Set up Amazon DynamoDB tables with on-demand capacity. Utilize an interface VPC endpoint for DynamoDB to enable access.

D

Implement Amazon DocumentDB (with MongoDB compatibility) clusters with Provisioned IOPS volumes. Connect to the database using the instance endpoint.

Explanation

The requirements include deploying EC2 instances in private subnets with no internet, encrypted communication, and automatic database scaling.

- Option B correctly uses DynamoDB with on-demand capacity, which scales read/write throughput automatically with the workload and needs no capacity planning. A gateway VPC endpoint adds a route from the private subnets' route tables to DynamoDB's prefix list, so the instances reach the service over the AWS network with no NAT gateway or internet gateway. All DynamoDB API traffic is HTTPS (TLS), which satisfies encryption in transit, and DynamoDB tables are encrypted at rest by default.

- Option A/C/D Issues:
- A/D: The scaling requirement rules these out. Amazon DocumentDB's cluster storage volume grows automatically, but compute capacity does not: adding a replica or changing the instance class is a manual (or externally automated) operation, so the database does not scale itself with workload fluctuations. "Provisioned IOPS" is also not a DocumentDB storage option (it is an RDS/EBS volume type), which marks these options as distractors.
- C: The expected answer is that DynamoDB is reached through a gateway VPC endpoint, with interface endpoints used for other services (e.g., SQS). Note that since 2024 DynamoDB also supports interface endpoints via AWS PrivateLink, but the gateway endpoint remains the answer the exam wants: it carries no hourly or data-processing charge and consumes no subnet IP addresses.
- D: DocumentDB's instance endpoint ties connections to a single node; only the cluster endpoint gives failover and read scaling. This is wrong even before the scaling issue above.

Key Points:
- DynamoDB on-demand auto-scales and uses gateway VPC endpoints.
- Gateway endpoints (for S3/DynamoDB) enable private subnet access without NAT/internet.
- DocumentDB storage grows automatically, but compute (instance class, replica count) must be scaled manually, and connections use the cluster or instance endpoint; it does not meet an auto-scaling requirement.
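As an added example (not code from the original page), here is the option B design expressed as a small Python module: the boto3 create_table arguments for an on-demand table, a least-privilege gateway endpoint policy, an instance-role policy that only works through that endpoint, and an offline audit that checks route tables for the gateway endpoint route and for any internet path. The account ID, endpoint ID, prefix list ID, ARNs and the three route tables are placeholders constructed for the example; the policy shapes and condition keys (aws:PrincipalAccount, aws:SourceVpce, aws:SecureTransport) are real IAM features.

```python
"""Added example (not from the original page): the option B design as code, plus an
offline check. Builds the on-demand table spec, a least-privilege gateway endpoint
policy, an instance-role policy pinned to that endpoint, and audits route tables
shaped like `aws ec2 describe-route-tables` output. Every ID, ARN and route table
below is a placeholder constructed for the example."""
from __future__ import annotations
import json

READ_WRITE_ACTIONS = [
    "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:PutItem",
    "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:DescribeTable",
]

def on_demand_table_spec(table_name: str, kms_key_arn: str) -> dict:
    """Arguments for boto3 dynamodb.create_table(): PAY_PER_REQUEST scales throughput
    with the workload; SSE with a customer-managed KMS key covers encryption at rest."""
    return {
        "TableName": table_name,
        "AttributeDefinitions": [{"AttributeName": "pk", "AttributeType": "S"}],
        "KeySchema": [{"AttributeName": "pk", "KeyType": "HASH"}],
        "BillingMode": "PAY_PER_REQUEST",
        "SSESpecification": {"Enabled": True, "SSEType": "KMS", "KMSMasterKeyId": kms_key_arn},
    }

def _table_resources(table_arns: list[str]) -> list[str]:
    # Include each table's secondary indexes; Query on an index needs the /index/* ARN.
    return [r for arn in table_arns for r in (arn, f"{arn}/index/*")]

def gateway_endpoint_policy(account_id: str, table_arns: list[str]) -> dict:
    """Policy on the DynamoDB gateway endpoint. The default policy lets any principal
    reach any table through the endpoint; this restricts it to our account and our
    tables so the endpoint cannot carry data to an attacker-owned table."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*", "Action": READ_WRITE_ACTIONS,
        "Resource": _table_resources(table_arns),
        "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
    }]}

def instance_role_policy(table_arns: list[str], vpce_id: str) -> dict:
    """Identity policy for the EC2 instance role: allow only requests that arrive via
    our endpoint (stolen instance credentials do not work from elsewhere) and deny
    anything not sent over TLS, making the encryption-in-transit requirement explicit."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": READ_WRITE_ACTIONS,
         "Resource": _table_resources(table_arns),
         "Condition": {"StringEquals": {"aws:SourceVpce": vpce_id}}},
        {"Effect": "Deny", "Action": "dynamodb:*", "Resource": "*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ]}

def audit_private_route_tables(route_tables: list[dict], vpce_id: str) -> dict[str, list[str]]:
    """Findings per route table. A gateway endpoint appears as a route to the service
    prefix list with GatewayId = vpce-*; a route targeting igw-* or nat-* is an internet
    path. An empty list means the table satisfies both requirements."""
    findings = {}
    for rt in route_tables:
        problems = []
        has_endpoint_route = False
        for route in rt.get("Routes", []):
            target = route.get("GatewayId") or route.get("NatGatewayId") or ""
            if target == vpce_id and "DestinationPrefixListId" in route:
                has_endpoint_route = True
            elif target.startswith(("igw-", "nat-")):
                problems.append(f"internet path via {target} for {route.get('DestinationCidrBlock')}")
        if not has_endpoint_route:
            problems.append(f"no route to gateway endpoint {vpce_id}")
        findings[rt["RouteTableId"]] = problems
    return findings

# Constructed sample (placeholder IDs), trimmed to the fields the audit reads.
VPCE_ID = "vpce-0123456789abcdef0"
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-private-a", "Routes": [  # compliant
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-0123456789abcdef0", "GatewayId": VPCE_ID}]},
    {"RouteTableId": "rtb-private-b", "Routes": [  # reaches DynamoDB but also has a NAT default route
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0fedcba9876543210"},
        {"DestinationPrefixListId": "pl-0123456789abcdef0", "GatewayId": VPCE_ID}]},
    {"RouteTableId": "rtb-private-c", "Routes": [  # isolated, but cannot reach DynamoDB at all
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

if __name__ == "__main__":
    table = "arn:aws:dynamodb:us-east-1:111122223333:table/Transactions"
    print(json.dumps(gateway_endpoint_policy("111122223333", [table]), indent=2))
    print(json.dumps(instance_role_policy([table], VPCE_ID), indent=2))
    for rtb, problems in audit_private_route_tables(SAMPLE_ROUTE_TABLES, VPCE_ID).items():
        print(rtb, "OK" if not problems else "; ".join(problems))
```

Feed audit_private_route_tables() the Routes from a real describe_route_tables call, filtered to the route tables associated with the private subnets. rtb-private-b in the sample is the common mistake the question is probing: a subnet labelled private that still has a NAT default route, which meets "reaches DynamoDB" but not "no internet access". The aws:SourceVpce condition on the instance role is the complement of the endpoint policy: the endpoint policy limits what can be reached through the endpoint, the role condition limits where the role's credentials can be used from.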

Answer

The correct answer is: B