🔥 3-day streak
AWS Certified Security - Specialty131 / 157
Question 131 of 157
A company runs a three-tier application in a single VPC. The web tier is an Auto Scaling group behind an internet-facing ALB, the application tier is an Auto Scaling group of EC2 instances, and the database tier is Amazon RDS. Instances scale frequently, so their private IP addresses change constantly. The security team wants the application tier to accept traffic only from the web tier, and the database tier to accept traffic only from the application tier, without maintaining CIDR-based rules that break when instances are replaced. What is the MOST maintainable way to configure the security groups?
Reviewed for accuracy · Report an issueNext question