AWS Certified Solutions Architect – Associate (SAA-C02) — Question 82
A company has created a VPC with multiple private subnets in multiple Availability Zones (AZs) and one public subnet in one of the AZs. The public subnet is used to launch a NAT gateway. There are instances in the private subnets that use a NAT gateway to connect to the internet. In case of an AZ failure, the company wants to ensure that the instances are not all experiencing internet connectivity issues and that there is a backup plan ready.
Which solution should a solutions architect recommend that is MOST highly available?
Answer options
- A. Create a new public subnet with a NAT gateway in the same AZ. Distribute the traffic between the two NAT gateways.
- B. Create an Amazon EC2 NAT instance in a new public subnet. Distribute the traffic between the NAT gateway and the NAT instance.
- C. Create public subnets in each AZ and launch a NAT gateway in each subnet. Configure the traffic from the private subnets in each AZ to the respective NAT gateway.
- D. Create an Amazon EC2 NAT instance in the same public subnet. Replace the NAT gateway with the NAT instance and associate the instance with an Auto Scaling group with an appropriate scaling policy.
Correct answer: C
Explanation
Option C is the best choice because a NAT gateway is a zonal resource: with one NAT gateway in each AZ and each AZ's private subnets routed to their own NAT gateway, the loss of one AZ takes down only that AZ's internet path while the others keep working. The other options do not offer the same level of availability and could lead to connectivity issues during an AZ outage: A and D keep all NAT capacity in the original AZ, and B splits traffic between the single NAT gateway and a self-managed NAT instance rather than giving every AZ its own path.
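As an added example (not part of the exam question or of any AWS tooling), the check below audits route tables for the property option C describes: every private subnet's 0.0.0.0/0 route points at an available NAT gateway in the subnet's own AZ. The data is constructed to mirror the question's starting layout, using dict shapes modelled on the boto3 EC2 describe_subnets / describe_nat_gateways / describe_route_tables responses; the subnet, NAT gateway and route table IDs are made up.

```python
"""Audit whether each private subnet's default route uses a NAT gateway in
its own Availability Zone (the highly available layout in option C)."""

# Constructed sample data (not real AWS output): one NAT gateway in us-east-1a
# serving private subnets in three AZs, the situation the question starts from.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-c", "AvailabilityZone": "us-east-1c"},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}, {"SubnetId": "subnet-priv-c"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
]


def audit_nat_routes(subnets, nat_gateways, route_tables):
    """Return {subnet_id: finding} for private subnets whose 0.0.0.0/0 route
    does not target an available NAT gateway located in the same AZ."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    # A NAT gateway lives in the AZ of the public subnet it was created in.
    nat_az = {n["NatGatewayId"]: az_of[n["SubnetId"]]
              for n in nat_gateways if n["State"] == "available"}
    findings = {}
    for table in route_tables:
        default = next((r for r in table["Routes"]
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), {})
        if default.get("GatewayId", "").startswith("igw-"):
            continue  # public subnet routed to an internet gateway: out of scope
        for assoc in table["Associations"]:
            subnet = assoc.get("SubnetId")  # main-table association has none
            if subnet is None:
                continue
            nat = default.get("NatGatewayId")
            if nat is None:
                findings[subnet] = "no NAT gateway default route"
            elif nat not in nat_az:
                findings[subnet] = f"NAT gateway {nat} is not available"
            elif nat_az[nat] != az_of[subnet]:
                findings[subnet] = (f"cross-AZ: {subnet} in {az_of[subnet]} "
                                    f"routes via {nat} in {nat_az[nat]}")
    return findings
```

Run against the sample data it flags subnet-priv-b and subnet-priv-c as depending on a NAT gateway in us-east-1a; after adding a public subnet and NAT gateway per AZ and a route table per AZ, the same check returns an empty dict.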