Which solution meets these requirements?
A. Deploy a NAT gateway inside the public subnet for each Availability Zone and associate it with an Elastic IP address. Update the routing table of the private subnet to use it as the default route.
B. Deploy a NAT gateway inside the private subnet for each Availability Zone and associate it with an Elastic IP address. Update the routing table of the private subnet to use it as the default route.
C. Deploy two NAT instances inside the public subnet for each Availability Zone and associate them with Elastic IP addresses. Update the routing table of the private subnet to use it as the default route.
D. Deploy two NAT instances inside the private subnet for each Availability Zone and associate them with Elastic IP addresses. Update the routing table of the private subnet to use it as the default route.
Explanations:
A. Deploying a NAT gateway in the public subnet allows the database instances in the private subnet to access the internet securely. The routing table of the private subnet needs to route traffic to the NAT gateway, providing access to patches without exposing the database directly to the internet.
B. A NAT gateway should not be deployed in a private subnet as it needs to access the internet. A private subnet does not have a route to the internet, making this configuration invalid for allowing external access.
C. NAT instances should be in a public subnet to provide internet access. However, deploying them in the public subnet requires additional management overhead and does not provide the least operational overhead compared to using a NAT gateway.
D. Similar to option B, deploying NAT instances in a private subnet is incorrect since they cannot access the internet. They must be in a public subnet to facilitate external internet access for the private subnet.