What should a solutions architect do to meet these requirements?
Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route.
Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route.
Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.
Explanations:
An internet gateway cannot be used to give a private subnet outbound internet access. It serves public subnets, and instances in the private subnet do not have direct access to the internet.
A NAT gateway in a public subnet allows instances in the private subnet to initiate outbound traffic to the internet while preventing inbound traffic from the internet. This meets the requirement for downloading updates.
A NAT instance needs to be placed in a public subnet, not the same subnet as the EC2 instance. It cannot provide internet access to instances in a private subnet if it is located in the private subnet itself.
An internet gateway alone cannot provide outbound access for a private subnet. A NAT instance should be placed in a public subnet to provide access, not in the same subnet as the EC2 instance.