Which AWS managed service allows this?

By: study aws cloud

Tagged: Cloud Practitioner

With: 1 Comment

A company has an Amazon EC2 instance in a private subnet.The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the internet from accessing the EC2 instance.

Which AWS managed service allows this?

VPC endpoint

NAT gateway

Amazon PrivateLink

VPC peering

Explanations:

A VPC endpoint allows private connections to services within AWS without needing an internet gateway, but it does not enable outbound internet access for updates. It is primarily used for accessing AWS services privately without traversing the internet.

A NAT gateway is specifically designed to allow instances in a private subnet to initiate outbound connections to the internet while preventing unsolicited inbound traffic from the internet. This makes it suitable for pulling OS updates while keeping the instance secure.

Amazon PrivateLink provides private connectivity to services across VPCs and does not facilitate general outbound internet access. It allows you to access services without exposing your VPC to the internet, which does not meet the requirement of pulling updates from the internet.

VPC peering allows two VPCs to communicate privately, but it does not provide a means for instances in a private subnet to connect to the internet. It is primarily used for inter-VPC communication rather than internet access.

Previous Post: Which solution meets these requirements?

Next Post: These are the initial settings for the default security group:?

1 Comment

Author

If I’m correct, the answer is:
NAT gateway

Nancy

3 hours ago

Permalink

Reply

Leave a Reply Cancel reply