A company has set up a Virtual Private Cloud (VPC) with public and private subnets. The instances in the private subnet must retrieve updates from the internet, but should not be directly accessible from external sources. Which component should the company use to allow these instances to connect to the internet while ensuring they remain private?
To allow instances in a private subnet to initiate outbound traffic to the internet without allowing inbound traffic from the internet, a NAT gateway or a NAT instance can be used. The NAT gateway is a managed service that provides better availability and bandwidth compared to a NAT instance, which is self-managed and runs on a specific EC2 instance type. Internet Gateways are used to provide a target in route tables to allow instances to connect to the internet, but since they allow bidirectional internet access, using them alone would not meet the requirement of keeping instances private. Similarly, a Virtual Private Gateway is used to connect a VPC to an on-premises network via a VPN connection and doesn't facilitate private instances accessing the internet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a NAT Gateway and how does it work?
Open an interactive chat with Bash
What are the differences between a NAT Gateway and a NAT Instance?
Open an interactive chat with Bash
Why can't I use an Internet Gateway for private subnet instances?
Open an interactive chat with Bash
AWS Cloud Practitioner CLF-C02
Cloud Technology and Services
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access