AWS Certified Cloud Practitioner

Explanation

NAT Gateway is the correct answer because:

• NAT Gateway allows instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating connections with those instances
• Private subnets don't have direct internet access through Internet Gateways
• Gateway endpoints (VPC endpoints) provide private connectivity to AWS services like S3 and DynamoDB, but not general internet access
• Network Load Balancer distributes traffic but doesn't provide internet connectivity for private instances
• Amazon Route 53 is a DNS service, not a networking service that provides internet connectivity

Key Points:

• NAT Gateway acts as a bridge between private subnets and the internet
• It performs Network Address Translation (NAT)
• Instances in private subnets can initiate outbound connections but cannot receive inbound connections from the internet
• This maintains security while enabling necessary internet access for updates, downloads, etc.