Which solution meets these requirements?
Provision a NAT instance in a public subnet. Modify each private subnet’s route table with a default route that points to the NAT instance.
Provision a NAT instance in a private subnet. Modify each private subnet’s route table with a default route that points to the NAT instance.
Provision a NAT gateway in a public subnet. Modify each private subnet’s route table with a default route that points to the NAT gateway.
Provision a NAT gateway in a private subnet. Modify each private subnet’s route table with a default route that points to the NAT gateway.
Explanations:
A NAT instance in a public subnet would allow instances in private subnets to access the internet. However, a NAT instance requires more operational maintenance than a NAT gateway, which is a managed service that handles scaling and redundancy automatically.
A NAT instance in a private subnet would not be able to route traffic to the internet since it would lack a public IP address. Instances in private subnets need to route traffic to a NAT instance located in a public subnet to access the internet.
A NAT gateway in a public subnet provides a fully managed solution that allows instances in private subnets to initiate outbound traffic to the internet. It simplifies management and scaling compared to a NAT instance and is the recommended solution for this scenario.
A NAT gateway must be placed in a public subnet to enable internet access. If it were in a private subnet, it would not have a route to the internet and would not facilitate communication for instances in the private subnets.