AWS Certified Solutions Architect – Associate (SAA-C02) — Question 669
A company is running an application in a private subnet in a VPC with an attached internet gateway. The company needs to provide the application access to the internet while restricting public access to the application. The company does not want to manage additional infrastructure and wants a solution that is highly available and scalable.
Which solution meets these requirements?
Answer options
- A. Create a NAT gateway in the private subnet. Create a route table entry from the private subnet to the internet gateway.
- B. Create a NAT gateway in a public subnet. Create a route table entry from the private subnet to the NAT gateway.
- C. Launch a NAT instance in the private subnet. Create a route table entry from the private subnet to the internet gateway.
- D. Launch a NAT instance in a public subnet. Create a route table entry from the private subnet to the NAT instance.
Correct answer: B
Explanation
A NAT gateway is a managed AWS service: it scales automatically and is resilient within its Availability Zone, so it satisfies the "no additional infrastructure to manage" requirement where a NAT instance (options C and D) does not. A NAT instance is a self-managed EC2 instance that you must patch, size, monitor and fail over yourself, and it only forwards traffic once source/destination checking is disabled. For a NAT gateway to work it must be placed in a public subnet, that is, a subnet whose route table sends 0.0.0.0/0 to the internet gateway, and it needs an Elastic IP. The private subnet's route table then sends 0.0.0.0/0 to the NAT gateway. Because the NAT gateway only forwards connections initiated from inside the VPC and the application instances have no public IP addresses, the application can reach the internet but cannot be reached from it.
Options A and C add a default route to the internet gateway in the private subnet's route table; that route is by definition what makes a subnet public, and it exposes any instance in the subnet that has a public IP. A NAT device placed in a subnet with no route to the internet gateway (option A's NAT gateway, option C's NAT instance) has no path to the internet itself. For high availability across Availability Zones, create one NAT gateway per AZ and point each private subnet's route table at the gateway in its own AZ.
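The routing logic above can be checked mechanically. The following is an added example, not part of the original question or of any AWS tooling: it follows a private subnet's 0.0.0.0/0 route one hop the way an auditor would over `aws ec2 describe-route-tables` / `describe-nat-gateways` output, and classifies each answer option's topology plus one edge case the explanation mentions (a NAT gateway placed in the private subnet with the private route pointing at it). All resource IDs, subnet names and function names are constructed for illustration; the data structures only mirror the shape of the AWS API responses.

```python
"""Audit a private subnet's internet egress path from describe-* style data.

Added example for this question. The route tables, NAT gateways and IDs below
are constructed sample data shaped like `aws ec2 describe-route-tables` and
`describe-nat-gateways` output; they are not real AWS output.
"""

DEFAULT_ROUTE = "0.0.0.0/0"
IGW, NAT_GW, NAT_INST = "igw-0abc", "nat-0def", "i-0123"   # constructed IDs
PUBLIC, PRIVATE = "subnet-pub", "subnet-priv"              # constructed subnet IDs


def route_table_for_subnet(route_tables, subnet_id):
    """Explicitly associated table, else the VPC main table (implicit association)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt):
    """(kind, id) of the 0.0.0.0/0 route; kind is 'igw', 'nat', 'instance' or None."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("NatGatewayId"):
            return "nat", route["NatGatewayId"]
        if route.get("InstanceId"):
            return "instance", route["InstanceId"]
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw", route["GatewayId"]
    return None, None


def classify_egress(subnet_id, route_tables, nat_gateways, instances):
    """Follow the subnet's default route one hop and judge it against the question:
    outbound internet access, no public exposure, no self-managed NAT."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    if rt is None:
        return "FAIL", "subnet has no route table"
    kind, target = default_route_target(rt)
    if kind is None:
        return "FAIL", "no 0.0.0.0/0 route: the application cannot reach the internet"
    if kind == "igw":
        # A default route to the IGW is what makes a subnet public by definition.
        return "FAIL", "subnet routes 0.0.0.0/0 straight to the internet gateway; it is a public subnet"
    if kind == "nat":
        hop_subnet = next((n["SubnetId"] for n in nat_gateways if n["NatGatewayId"] == target), None)
    else:
        hop_subnet = next((i["SubnetId"] for i in instances if i["InstanceId"] == target), None)
    if hop_subnet is None:
        return "FAIL", f"default route target {target} does not exist"
    hop_rt = route_table_for_subnet(route_tables, hop_subnet)
    hop_kind, hop_target = default_route_target(hop_rt) if hop_rt else (None, None)
    if hop_kind != "igw":
        # The NAT device itself needs a route to the internet gateway.
        return "FAIL", f"{target} sits in {hop_subnet}, which has no route to an internet gateway"
    if kind == "instance":
        return "WARN", f"works via NAT instance {target}, but it is self-managed and a single point of failure"
    return "PASS", f"{subnet_id} -> {target} in public subnet {hop_subnet} -> {hop_target}"


def base_route_tables():
    """Constructed VPC 10.0.0.0/16 with one public and one private subnet."""
    public_rt = {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": PUBLIC}],
                 "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                            {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": IGW}]}
    private_rt = {"RouteTableId": "rtb-priv", "Associations": [{"SubnetId": PRIVATE}],
                  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
    return public_rt, private_rt


def option_topology(option):
    """Route tables, NAT gateways and NAT instances for answer options A to D."""
    public_rt, private_rt = base_route_tables()
    to_igw = {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": IGW}
    to_nat = {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": NAT_GW}
    to_inst = {"DestinationCidrBlock": DEFAULT_ROUTE, "InstanceId": NAT_INST}
    plans = {  # (NAT gateways, NAT instances, private subnet default route)
        "A": ([{"NatGatewayId": NAT_GW, "SubnetId": PRIVATE}], [], to_igw),
        "B": ([{"NatGatewayId": NAT_GW, "SubnetId": PUBLIC}], [], to_nat),
        "C": ([], [{"InstanceId": NAT_INST, "SubnetId": PRIVATE}], to_igw),
        "D": ([], [{"InstanceId": NAT_INST, "SubnetId": PUBLIC}], to_inst),
    }
    nat_gateways, instances, private_default = plans[option]
    private_rt["Routes"].append(private_default)
    return [public_rt, private_rt], nat_gateways, instances


def misplaced_nat_topology():
    """Edge case not among the options: NAT gateway in the private subnet, with the
    private route pointing at it. The gateway itself has no path to the IGW."""
    public_rt, private_rt = base_route_tables()
    private_rt["Routes"].append({"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": NAT_GW})
    return [public_rt, private_rt], [{"NatGatewayId": NAT_GW, "SubnetId": PRIVATE}], []


def evaluate_options():
    """Verdict per answer option: {'A': 'FAIL', 'B': 'PASS', 'C': 'FAIL', 'D': 'WARN'}."""
    return {opt: classify_egress(PRIVATE, *option_topology(opt))[0] for opt in "ABCD"}


if __name__ == "__main__":
    for opt in "ABCD":
        print(opt, *classify_egress(PRIVATE, *option_topology(opt)))
    print("misplaced NAT gateway:", *classify_egress(PRIVATE, *misplaced_nat_topology()))
```

Option B is the only one that passes: the private subnet has no route to the internet gateway, and the NAT gateway's own subnet does. Option D also yields a working path but is flagged because the NAT instance is self-managed, which is exactly the requirement the question rules out. Against a real account the same walk can be driven from `describe-route-tables` and `describe-nat-gateways` JSON, one private subnet at a time.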