Which solution will meet these requirements?
Provision an Elastic IP address. Host the application servers on Amazon EC2 instances in a private subnet. Assign the public IP address to the application servers.
Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway.
Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the ALB.
Set up an AWS Client VPN connection to the payment service. Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the VPN.
Explanations:
Provisioning an Elastic IP address and hosting application servers in a private subnet while assigning a public IP address would expose those servers directly to the internet, violating the company’s security policy.
Creating a NAT gateway allows the application servers in a private subnet to initiate outbound connections to the payment service without exposing the servers directly to the public internet. The payment service can then allow the NAT gateway’s public IP address.
An Application Load Balancer (ALB) can route requests but does not provide the necessary outbound connection for servers in a private subnet to reach the payment service. Additionally, the ALB would still expose the application to the internet, which conflicts with the company’s security policies.
Setting up a VPN connection to the payment service adds complexity and does not fulfill the requirement of allowing a public IP address to be recognized by the payment service. Moreover, it does not directly address the need for outbound internet access from a private subnet.