AWS Certified Solutions Architect – Associate (SAA-C02) — Question 675
A company runs a public three-tier web application in a VPC. The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to communicate with a license server over the internet. The company needs a managed solution that minimizes operational maintenance.
Which solution meets these requirements?
Answer options
- A. Provision a NAT instance in a public subnet. Modify each private subnet's route table with a default route that points to the NAT instance.
- B. Provision a NAT instance in a private subnet. Modify each private subnet's route table with a default route that points to the NAT instance.
- C. Provision a NAT gateway in a public subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
- D. Provision a NAT gateway in a private subnet. Modify each private subnet's route table with a default route that points to the NAT gateway.
Correct answer: C
Explanation
A NAT gateway is a fully managed AWS service, so it minimizes operational maintenance compared with self-managed NAT instances; this rules out options A and B. Furthermore, a NAT gateway must be deployed in a public subnet, that is, a subnet whose route table has a route to an internet gateway, in order to reach the internet, which makes option C correct and option D incorrect.