AWS Certified SysOps Administrator – Associate (legacy) — Question 598
A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that require access to Amazon S3.
What should be done to accomplish this?
Answer options
- A. Create a customer gateway to connect to Amazon S3. Modify the route table of the private subnets to use the customer gateway.
- B. Create a gateway VPC endpoint for Amazon S3. Modify the route table of the private subnets to use the gateway VPC endpoint.
- C. Create a NAT gateway in the private subnets. Modify the route table of the subnets to use the NAT gateway.
- D. Create an S3 bucket policy to allow connections from the private subnets. Modify the route table.
Correct answer: C
Explanation
A NAT gateway allows instances in private subnets to make outbound connections to services such as Amazon S3 while preventing hosts on the internet from initiating connections to those instances. By routing the private subnets' outbound traffic through the NAT gateway, the web servers gain the network path they need to reach S3. Customer gateways and bucket policies do not establish the required network route for private subnets to communicate with S3.