I'm curious about the reasoning behind placing RDS and ElastiCache in separate private subnets within an AWS architecture. Since both services utilize their own security groups, isn't it sufficient to have them share a single private subnet?
2 Answers
It's pretty common to have dedicated data subnets without any NAT routes for your data services. While the security benefit of separating ElastiCache and RDS isn't huge since both have their own elastic network interfaces and can use security groups, the bigger security plus comes from ensuring that your data services are in a subnet with no NAT access.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads