Q18 — AWS SAA-C03 Ch.1
Q18. A company has an Amazon EC2 instance running in a private subnet that needs to access public websites to download patches and updates. The company does not want external websites to see the EC2 instance's IP address or initiate connections to it. How can a solutions architect achieve this objective?
- A. Create a site-to-site VPN connection between the private subnet and the network in which the public site is deployed
- B. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway ✓
- C. Create a network ACL for the private subnet where the EC2 instance is deployed that only allows access from the IP address range of the public website
- D. Create a security group that only allows connections from the IP address range of the public website. Attach the security group to the EC2 instance.
Correct Answer: B. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway
Explanation
You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. A NAT gateway is like a proxy server and connects EC2 instances in a private subnet to the internet.