Which solution meets these requirements?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
A company is running an application in a private subnet in a VPC with an attached internet gateway.The company needs to provide the application access to the internet while restricting public access to the application.The company does not want to manage additional infrastructure and wants a solution that is highly available and scalable.

Which solution meets these requirements?

Create a NAT gateway in the private subnet. Create a route table entry from the private subnet to the internet gateway.

Create a NAT gateway in a public subnet. Create a route table entry from the private subnet to the NAT gateway.

Launch a NAT instance in the private subnet. Create a route table entry from the private subnet to the internet gateway.

Launch a NAT instance in a public subnet. Create a route table entry from the private subnet to the NAT instance.

Explanations:

A NAT gateway must be in a public subnet to provide internet access. Placing it in the private subnet does not work.

A NAT gateway in a public subnet allows instances in the private subnet to access the internet, while restricting inbound traffic from the internet.

A NAT instance in the private subnet cannot route traffic to the internet as the private subnet has no direct route to the internet gateway.

While a NAT instance in a public subnet can route traffic, it is not as scalable or highly available as a NAT gateway. Additionally, managing a NAT instance requires more effort.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + fourteen =