AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company runs a public three-tier web application in a VPC. The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to communicate with a license server over the internet. The company needs a managed solution that minimizes operational maintenance.
Which solution meets these requirements?
Other
Community
UAnonymous
A
Provision a NAT instance in a public subnet. Modify each private subnet's route table with a default route that points to the NAT instance.
B
Provision a NAT instance in a private subnet. Modify each private subnet's route table with a default route that points to the NAT instance.
C
Provision a NAT gateway in a public subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
D
Provision a NAT gateway in a private subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
Explanation:
Explanation
Correct Answer: C
Why Option C is correct:
- NAT Gateway is a managed AWS service that automatically scales and requires minimal operational maintenance compared to NAT instances.
- NAT Gateway must be placed in a public subnet because it needs to have a public IP address and internet connectivity to route traffic to the internet.
- Route table modification is required to direct traffic from private subnets to the NAT gateway.
- This solution provides a fully managed, highly available, and scalable solution for EC2 instances in private subnets to access the internet.
Why other options are incorrect:
- Option A (NAT instance in public subnet): While NAT instances can work, they are not "managed solutions" - they require manual management, patching, scaling, and high availability configuration.
- Option B (NAT instance in private subnet): NAT instances cannot be placed in private subnets because they need internet connectivity. They require public IP addresses.
- Option D (NAT gateway in private subnet): NAT gateways must be placed in public subnets to have internet access. They cannot function in private subnets.
Key AWS Concepts:
- NAT Gateway: Managed service that allows instances in private subnets to connect to the internet or other AWS services while preventing the internet from initiating connections with those instances.
- Public vs Private Subnets: Public subnets have a route to an Internet Gateway; private subnets do not.
- Route Tables: Control traffic routing between subnets and to external networks.
- Managed Solution: AWS handles maintenance, patching, scaling, and high availability.
Comments
Loading comments...