AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 267

You have created a custom VPC. What are two things you may need to do in order to SSH directly into your instance? (Choose two.)

Answer options

• A. Enable SSH on the instance
• B. Attach a NAT Gateway
• C. Enable Public IP addresses
• D. Attach an Internet Gateway

Correct answer: C, D

Explanation

To establish a direct SSH connection to an instance within a custom VPC from the public internet, the instance requires a public IP address for external routing, and the VPC must be connected to an Internet Gateway. A NAT Gateway only enables outbound internet connectivity for instances in private subnets and cannot be used for direct inbound SSH access. While the SSH daemon must be running on the instance, standard cloud images have this enabled by default, making the network infrastructure configuration of an Internet Gateway and Public IP the primary requirements.