Idea Switching Networking, Security, Automation & Development

Miss a step, miss the whole

A company has developed a new billing application that will be released in two weeks.

Developers are testing the application running on 10 EC2 instances managed by an Auto Scaling group in a subnet within VPC A with CIDR block . The Developers noticed connection timeout errors in the application logs while connecting to an Oracle database running on an Amazon EC2 instance in the same region within VPC B with CIDR block . The IP address of the database instance is hard-coded in the application instances.

Which recommendations should a Solutions Architect present to the Developers to solve the problem in a secure way with minimal maintenance and overhead?

  1. Disable the SrcDestCheck attribute for all instances running the application and Oracle Database. Change the default route of VPC A to point ENI of the Oracle Database that has an IP address assigned within the range of
  2. Create and attach internet gateways for both VPCs. Configure default routes to the Internet gateways for both VPCs. Assign an Elastic IP for each Amazon EC2 instance in VPC A
  3. Create a VPC peering connection between the two VPCs and add a route to the routing table of VPC A that points to the IP address range of
  4. Create an additional Amazon EC2 instance for each VPC as a customer gateway; create one virtual private gateway (VGW) for each VPC, configure an end-to-end VPC, and advertise the routes for


The documentation describes clearly how to make two VPCs talk to each other. Option 3 plainly follows the procedure in the manual, except that it leaves out one step: configuring a route in VPC B. We should not assume the option is merely misworded, or that some trick lets a step be skipped. If an option does not match the official documentation, we can simply treat it as not a reasonable answer.

The missing step matters because VPC routing is not stateful. The route in VPC A carries the application's SYN across the peering connection to the database, but the database's reply is forwarded according to VPC B's route table, and with no route there for VPC A's range the reply is dropped, so the application keeps seeing connection timeouts. The full procedure is: create the peering connection and accept it (the two CIDR blocks must not overlap), add a route to VPC B's range in VPC A, add a route to VPC A's range in VPC B, and allow the Oracle listener port (1521 by default) in the database's security group from the application instances only.
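The complete procedure as Terraform, as an added example that is not part of the original post. It assumes both VPCs are in the same AWS account and region (so the requester can auto-accept the peering), that the VPC IDs, the route table IDs of the two subnets and the database security group ID are supplied as variables, and that the Oracle listener uses its default port 1521; the CIDR blocks are read from the VPCs rather than hard-coded, since the post does not reproduce them. The resource and variable names are my own.

```hcl
# Added example, not from the original post. Assumes same account and region,
# existing VPCs/route tables/security group passed in as variables, and the
# default Oracle listener port 1521.

variable "vpc_a_id"              { type = string } # application VPC
variable "vpc_b_id"              { type = string } # database VPC
variable "vpc_a_route_table_id"  { type = string } # route table of the app subnet
variable "vpc_b_route_table_id"  { type = string } # route table of the DB subnet
variable "db_security_group_id"  { type = string } # SG attached to the Oracle instance

data "aws_vpc" "a" { id = var.vpc_a_id }
data "aws_vpc" "b" { id = var.vpc_b_id }

# Step 1: the peering connection. Same account and region, so the requester
# can auto-accept; the two CIDR blocks must not overlap or the request fails.
resource "aws_vpc_peering_connection" "app_to_db" {
  vpc_id      = data.aws_vpc.a.id
  peer_vpc_id = data.aws_vpc.b.id
  auto_accept = true
  tags        = { Name = "billing-app-to-oracle" }
}

# Step 2: route from VPC A to VPC B's range (the step option 3 includes).
resource "aws_route" "a_to_b" {
  route_table_id            = var.vpc_a_route_table_id
  destination_cidr_block    = data.aws_vpc.b.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_db.id
}

# Step 3: the return route from VPC B to VPC A's range (the step option 3
# omits). Without it the database's SYN-ACK has no route back to the
# application subnet and the timeouts continue.
resource "aws_route" "b_to_a" {
  route_table_id            = var.vpc_b_route_table_id
  destination_cidr_block    = data.aws_vpc.a.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_db.id
}

# Step 4: least privilege on the database side. Only the Oracle listener
# port, only from the application VPC's range.
resource "aws_security_group_rule" "oracle_from_app_vpc" {
  type              = "ingress"
  security_group_id = var.db_security_group_id
  protocol          = "tcp"
  from_port         = 1521
  to_port           = 1521
  cidr_blocks       = [data.aws_vpc.a.cidr_block]
  description       = "Oracle listener from billing app VPC"
}
```

Because peering preserves the database's private IP, the address hard-coded in the application instances keeps working and nothing has to be redeployed; option 2 would instead force public addressing and an exposed database. For a tighter rule than the whole VPC A range, replace `cidr_blocks` with `source_security_group_id` pointing at the security group of the Auto Scaling group's instances, which is permitted across a peering connection within one region.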