What should a solutions architect do to meet these requirements?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
An Amazon EC2 instance is located in a private subnet in a new VPC.This subnet does not have outbound internet access, but the EC2 instance needs the ability to download monthly security updates from an outside vendor.

What should a solutions architect do to meet these requirements?

Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.

Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.

Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route.

Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.

Explanations:

An internet gateway cannot be used with a private subnet for outbound traffic. Private subnets do not have direct access to the internet.

A NAT gateway allows instances in a private subnet to access the internet for updates while preventing inbound traffic from the internet. It should be placed in a public subnet.

A NAT instance should be in a public subnet to allow internet access. Placing it in the same private subnet as the EC2 instance does not enable outbound internet access.

An internet gateway cannot be used for outbound traffic in a private subnet. A NAT instance should be in a public subnet to facilitate outbound internet access for the private subnet.

Leave a Reply

Your email address will not be published. Required fields are marked *

18 + twenty =