
Answer-first summary for fast verification
Answer: Place a NAT gateway in a public subnet and configure the private subnet's route table to use it as the default route.
Option B is the correct answer. To give the EC2 instance in the private subnet internet access without giving the subnet direct internet access, place a NAT gateway in a public subnet and configure the private subnet's route table to use the NAT gateway as its default route. Instances in the private subnet can then initiate outbound traffic to the internet, while direct inbound traffic from the internet is prevented.
Author: LeetQuiz Editorial Team
An EC2 instance in a private subnet requires internet access for monthly security updates. How should a solutions architect enable this without direct internet access from the subnet?
A. Attach an internet gateway to the VPC and set it as the default route for the private subnet.
B. Place a NAT gateway in a public subnet and configure the private subnet's route table to use it as the default route.
C. Deploy a NAT instance in the EC2 instance's subnet and set it as the default route in the private subnet's route table.
D. Attach an internet gateway to the VPC and place a NAT instance in the EC2 instance's subnet, using the internet gateway as the default route for the private subnet.