RDS security (encryption, security groups) in AWS - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to enable encryption for the RDS instance.

AWS
resource "aws_db_instance" "example" {
  allocated_storage    = 20
  engine               = "mysql"
  instance_class       = "db.t3.micro"
  name                 = "mydb"
  username             = "admin"
  password             = "password"
  parameter_group_name = "default.mysql8.0"
  storage_encrypted    = [1]
}
A. true
B. false
C. "yes"
D. 1
Common Mistakes
Using string values like "yes" instead of the boolean true.
Setting encryption to false, or to 1, which is the wrong type.
2. Fill in the blank (medium)

Complete the code to allow inbound MySQL traffic on port 3306 in the security group.

AWS
resource "aws_security_group_rule" "mysql_inbound" {
  type              = "ingress"
  from_port         = 3306
  to_port           = 3306
  protocol          = "[1]"
  security_group_id = aws_security_group.db_sg.id
  cidr_blocks       = ["0.0.0.0/0"]
}
A. icmp
B. udp
C. tcp
D. http
Common Mistakes
Using UDP or ICMP, which MySQL does not use.
Using 'http', which is not a valid protocol value.
3. Fill in the blank (hard)

Fix the error in the security group rule to restrict access only from a specific IP.

AWS
resource "aws_security_group_rule" "restricted_access" {
  type              = "ingress"
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  security_group_id = aws_security_group.db_sg.id
  cidr_blocks       = ["[1]"]
}
A. 0.0.0.0/0
B. 192.168.1.100/32
C. 192.168.1.0
D. 255.255.255.255
Common Mistakes
Using 0.0.0.0/0, which allows all IPs.
Using an IP without a CIDR mask, or an invalid CIDR.
4. Fill in the blank (hard)

Fill both blanks to create a security group rule that allows inbound HTTPS traffic only from a specific security group.

AWS
resource "aws_security_group_rule" "https_inbound" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.app_sg.id
  [1]               = aws_security_group.web_sg.id
  [2]               = []
}
A. source_security_group_id
B. cidr_blocks
C. ipv6_cidr_blocks
D. description
Common Mistakes
Using cidr_blocks with IP ranges instead of a security group ID.
Leaving cidr_blocks undefined or non-empty.
5. Fill in the blank (hard)

Fill all three blanks to define an encrypted RDS instance with a security group allowing inbound traffic only from a trusted IP range.

AWS
resource "aws_db_instance" "secure_db" {
  allocated_storage    = 50
  engine               = "postgres"
  instance_class       = "db.t3.medium"
  name                 = "securedb"
  username             = "admin"
  password             = "securepass"
  storage_encrypted    = [1]
  vpc_security_group_ids = [[2]]
}

resource "aws_security_group" "db_sg" {
  name        = "db_sg"
  description = "Allow trusted IPs"
  vpc_id      = "vpc-123456"
}

resource "aws_security_group_rule" "trusted_ip_rule" {
  type              = "ingress"
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  security_group_id = aws_security_group.db_sg.id
  cidr_blocks       = ["[3]"]
}
A. true
B. aws_security_group.db_sg.id
C. 10.0.0.0/24
D. false
Common Mistakes
Setting encryption to false or a string.
Using the security group name instead of its ID.
Using invalid CIDR notation or open IP ranges.