Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 324 discussion

The database must be able to scale based on demand, so Provisioned IOPS volume is out because they will be throttled. A and D are out. EC2 hosted in a private subnet without an internet connection, have to use VPC Endpoint, for DynamoDB, it must be Gateway VPC endpoint. B is the answer.

D is right option. Instance endpoint is for connecting specific instance (primary or replica) and not recommended.

Need a Mongo compatible DB

There is no concept of provision IOPS for DocumentDB , it uses cluster storage so option D (The verbiage ) is incorrect .

MongoDB (document DB) and DynamoDB (key-value) are different. The question says the app uses MongoDB *as* a key-value store, which is odd. Migrating to DynamoDB means data model changes. Options A and D include Provisioned IOPS, which is pricey, but the question doesn't mention cost optimization. AWS says DocumentDB scales, so PIOPS likely fits the "scale on demand" requirement. I lean towards D. If key-value is all that matters, you could use DynamoDB, but that means app changes. With AWS PrivateLink for DynamoDB, B and C are basically the same, making them invalid. So, D seems best, but it's not a slam dunk.

Should be D Document DB is good for MongoDB Manual Scale limit to 15 read replica is not the issue. DynamoDB is not good compatible with MongoDB .... So, what's next if Dynamo is not support Mongo

There seems to be a typo in the answer. The correct answer is DocumentDB with VPC endpoint, making "C" the right choice.

Should be option C. While gateway endpoints can be secured, they still expose the database to the internet, albeit indirectly. DynamoDB can use Interface VPC endpoint to connect to DynamoDB Tables.

B is correct Using a gateway VPC endpoint for DynamoDB (option B) does provide secure communication between your VPC and DynamoDB, and it meets the company's requirement for encrypted connectivity. In fact, using a gateway VPC endpoint can help you achieve several benefits, including: Securely communicate with DynamoDB without exposing your EC2 instances to the public internet Encrypt all outgoing traffic from your VPC to DynamoDB Meet security compliance requirements by controlling access to DynamoDB

Just summarizing from comments :) A and D out because provisioned IOPS is not considered scalable. C is out because DynamoDB only works with gateway vpc endpoint. B works, because MongoDB only used as key value store, it make sense to replace it with DynamoDB with little impact to the requirements.

The key here is Can you use Amazon Dynamodb to replace a MongoDB used as a key-value database and the answer is YES! Amazon DynamoDB supports interface VPC endpoints (AWS PrivateLink). This allows you to securely connect to DynamoDB from your VPC without the need for an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

D. This is the correct answer. Amazon DocumentDB (with MongoDB compatibility) meets the requirements: 1. It can be hosted in a private subnet without an internet connection, as required by the technical guidelines. 2. Connectivity between the application and the database can be encrypted, as stated in the requirements. 3. Amazon DocumentDB can scale based on demand, which is another requirement mentioned in the question. 4. The use of the cluster endpoint to connect to Amazon DocumentDB is the appropriate approach, as it provides a single, highly available endpoint for the database cluster. Therefore, option D is the solution that best meets the given requirements.

DynamoDB isn't compatible withMongo

EC2 has no such concept called `cluster endpoint`. has to be B

Correct ans: D

D :Compatibility: Amazon DocumentDB, which is compatible with MongoDB, is an ideal choice. This ensures that the application can be migrated with minimal changes. Scalability: can automatically scale the storage and supports read scaling by adding more replicas. This meets the requirement for the database to scale based on demand. Encryption: DocumentDB supports encryption at rest and in transit, ensuring that all data connectivity is encrypted as per the company's guidelines. Private Connectivity: Amazon DocumentDB can be accessed within a VPC using a cluster endpoint, and it does not require internet connectivity, making it suitable for private subnet deployments. Option B: DynamoDB is a managed NoSQL database service that could meet the key-value requirement and scalability. However, it is not MongoDB-compatible, which means significant changes to the application code might be required

D. Create new Amazon DocumentDB (with MongoDB compatibility) tables for the application with Provisioned IOPS volumes. Use the cluster endpoint to connect to Amazon DocumentDB.