
Answer-first summary for fast verification
Answer: Provision a NAT gateway in a public subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
## Explanation

**Correct Answer: C**

**Why Option C is correct:**

1. **NAT Gateway** is a managed AWS service that automatically scales and requires minimal operational maintenance compared to NAT instances.
2. **NAT Gateway must be placed in a public subnet** because it needs to have a public IP address and internet connectivity to route traffic to the internet.
3. **Route table modification** is required to direct traffic from private subnets to the NAT gateway.
4. This solution provides a fully managed, highly available, and scalable solution for EC2 instances in private subnets to access the internet.

**Why other options are incorrect:**

- **Option A (NAT instance in public subnet):** While NAT instances can work, they are not "managed solutions" - they require manual management, patching, scaling, and high availability configuration.
- **Option B (NAT instance in private subnet):** NAT instances cannot be placed in private subnets because they need internet connectivity. They require public IP addresses.
- **Option D (NAT gateway in private subnet):** NAT gateways must be placed in public subnets to have internet access. They cannot function in private subnets.

**Key AWS Concepts:**

- **NAT Gateway:** Managed service that allows instances in private subnets to connect to the internet or other AWS services while preventing the internet from initiating connections with those instances.
- **Public vs Private Subnets:** Public subnets have a route to an Internet Gateway; private subnets do not.
- **Route Tables:** Control traffic routing between subnets and to external networks.
- **Managed Solution:** AWS handles maintenance, patching, scaling, and high availability.
Author: LeetQuiz Editorial Team
A company runs a public three-tier web application in a VPC. The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to communicate with a license server over the internet. The company needs a managed solution that minimizes operational maintenance.
Which solution meets these requirements?
- **A.** Provision a NAT instance in a public subnet. Modify each private subnet's route table with a default route that points to the NAT instance.
- **B.** Provision a NAT instance in a private subnet. Modify each private subnet's route table with a default route that points to the NAT instance.
- **C.** Provision a NAT gateway in a public subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
- **D.** Provision a NAT gateway in a private subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
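
The difference between options C and D can be checked mechanically by following each private subnet's default route to its NAT gateway and then checking the subnet that hosts the gateway. The following is an added example, not part of the original question or AWS tooling; the data model, ids and subnet names are constructed assumptions.

```python
# Added illustration. The data model (keys, ids, subnet names) is constructed
# for this sketch and is not the output format of any AWS API.

def default_target(routes):
    """Return the target of the 0.0.0.0/0 route in a route table, or None."""
    return next((r["target"] for r in routes if r["dest"] == "0.0.0.0/0"), None)

def is_public(vpc, subnet):
    """A subnet is public when its default route points to an internet gateway."""
    target = default_target(vpc["route_tables"][vpc["subnets"][subnet]])
    return target is not None and target.startswith("igw-")

def check_private_egress(vpc):
    """Return one finding per private subnet whose outbound path is broken."""
    findings = []
    for subnet, table in vpc["subnets"].items():
        if is_public(vpc, subnet):
            continue
        target = default_target(vpc["route_tables"][table])
        nat_subnet = vpc["nat_gateways"].get(target)
        if target is None:
            findings.append(f"{subnet}: no default route")
        elif nat_subnet is None:
            findings.append(f"{subnet}: default route target {target} is not a NAT gateway")
        elif not is_public(vpc, nat_subnet):
            findings.append(f"{subnet}: {target} is in {nat_subnet}, "
                            "which has no route to an internet gateway")
    return findings

# Option C: NAT gateway in the public subnet; each private route table defaults to it.
OPTION_C = {
    "subnets": {"public-a": "rt-public", "private-a": "rt-priv-a", "private-b": "rt-priv-b"},
    "route_tables": {
        "rt-public": [{"dest": "0.0.0.0/0", "target": "igw-example"}],
        "rt-priv-a": [{"dest": "0.0.0.0/0", "target": "nat-example"}],
        "rt-priv-b": [{"dest": "0.0.0.0/0", "target": "nat-example"}],
    },
    "nat_gateways": {"nat-example": "public-a"},  # NAT gateway id -> hosting subnet
}
# Option D: identical routing, but the NAT gateway is hosted in a private subnet.
OPTION_D = {**OPTION_C, "nat_gateways": {"nat-example": "private-a"}}

if __name__ == "__main__":
    for name, vpc in (("C", OPTION_C), ("D", OPTION_D)):
        print(name, check_private_egress(vpc) or "ok")
```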