A company has multiple web applications running on Amazon EC2 instances in private subnets.The EC2 instances require connectivity to the internet for patching purposes, but cannot be publicly accessible.
Which step will meet these requirements?
Add an internet gateway and update the route tables.
Add a NAT gateway to the VPC and update the route tables.
Add an interface endpoint and update the route tables.
Add a virtual gateway to the VPC and update the route tables.
Explanations:
Adding an internet gateway would make the EC2 instances publicly accessible, which violates the requirement of keeping them private.
A NAT gateway allows instances in private subnets to access the internet for updates, without making them publicly accessible.
An interface endpoint provides private access to specific AWS services but does not provide general internet access for patching.
A virtual gateway is used for VPN connections, not for internet access for EC2 instances.