AWS Certified SysOps Administrator – Associate — Question 191
A company runs an application on hundreds of Amazon EC2 instances in three Availability Zones. The application calls a third-party API over the public internet. A SysOps administrator must provide the third party with a list of static IP addresses so that the third party can allow traffic from the application.
Which solution will meet these requirements?
Answer options
- A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NAT gateway the default route of all private subnets in those Availability Zones.
- B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IP address with all the instances in the Availability Zone.
- C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to the internet through the private IP address of the NLB.
- D. Update the main route table to send the traffic to the internet through an Elastic IP address that is assigned to each instance.
Correct answer: A
Explanation
The correct answer is A. A NAT gateway in the public subnet of each Availability Zone lets instances in private subnets reach the internet, and because each NAT gateway uses an Elastic IP address, outbound traffic leaves from a small, fixed set of static IP addresses that the third party can whitelist. Option B is incorrect because associating one Elastic IP address with all the instances doesn't ensure each instance can be accessed individually. Option C is not valid because the private IP address of the NLB does not provide a static public IP address for third-party access. Option D fails because each instance would not have a static IP address visible to the third party.