AWS Certified Solutions Architect – Associate (SAA-C03) — Question 668

A company wants to use NAT gateways in its AWS environment. The company's Amazon EC2 instances in private subnets must be able to connect to the public internet through the NAT gateways.

Which solution will meet these requirements?

Answer options

• A. Create public NAT gateways in the same private subnets as the EC2 instances.
• B. Create private NAT gateways in the same private subnets as the EC2 instances.
• C. Create public NAT gateways in public subnets in the same VPCs as the EC2 instances.
• D. Create private NAT gateways in public subnets in the same VPCs as the EC2 instances.

Correct answer: C

Explanation

To enable internet access for instances in private subnets, you must deploy a public NAT gateway in a public subnet that has a route to an internet gateway. Private NAT gateways (options B and D) do not support routing traffic to the public internet and are used only for private communication between VPCs or on-premises networks. Additionally, putting a NAT gateway in a private subnet (options A and B) prevents it from reaching the internet because private subnets lack direct paths to an internet gateway.