An organization is setting up RDS for their applications. The organization wants to secure RDS
access with VPC. Which of the following options is not required while designing the RDS with
VPC?

A.
The organization must create a subnet group with public and private subnets. Both the subnets
can be in the same or separate AZ.

B.
The organization should keep minimum of one IP address in each subnet reserved for RDS
failover.

C.
If the organization is connecting RDS from the internet it must enable the VPC attributes DNS
hostnames and DNS resolution.

D.
The organization must create a subnet group with VPC using more than one subnet which are a
part of separate AZs.

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables
the user to launch AWS resources, such as RDS into a virtual network that the user has defined.
Subnets are segments of a VPC’s IP address range that the user can designate to a group of
VPC resources based on security and operational needs. A DB subnet group is a collection of
subnets (generally private) that the user can create in a VPC and assign to the RDS DB
instances. A DB subnet group allows the user to specify a particular VPC when creating the DB
instances.
Each DB subnet group should have subnets in at least two Availability Zones in a given region. If
the RDS instance is required to be accessible from the internet the organization must enable the
VPC attributes, DNS hostnames and DNS resolution. For each RDS DB instance that the user
runs in a VPC, he should reserve at least one address in each subnet in the DB subnet group for
use by Amazon RDS for recovery actions.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html