AWS Certified Solutions Architect - Professional (#45)

An organization is planning to host a web application in the AWS VPC. The organization does not want to host a database in the public cloud due to statutory requirements. How can the organization setup in this scenario?

The organization should plan the app server on the public subnet and database in the organization's data center and connect them with the VPN gateway.
The organization should plan the app server on the public subnet and use RDS with the private subnet for a secure data operation.
The organization should use the public subnet for the app server and use RDS with a storage gateway to access as well as sync the data securely from the local data center.
The organization should plan the app server on the public subnet and database in a private subnet so it will not be in the public cloud.