AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company's virtual private cloud (VPC) spans three isolated subnets, each in a different Availability Zone in the same Region. Instances in all three subnets must download software updates from the public internet. Traffic volume is moderate and roughly equal across the subnets, and keeping costs low is the primary goal. Which configuration will provide the required outbound connectivity at the lowest monthly cost?
Launch small, self-managed NAT instances in each subnet and route traffic through the instance that resides in the same Availability Zone.
Remove the translation layer entirely and attach an Internet Gateway directly to each isolated subnet.
Establish a single managed NAT gateway in one Availability Zone and have the other two subnets route their outbound traffic through it.
Provision separate managed NAT gateways, one in each subnet, to give every AZ dedicated outbound access.
Running small, self-managed NAT instances (for example, t3.nano) in each Availability Zone is the cheapest option for moderate traffic. Each instance costs about $0.0052 per hour (≈ $3.80 per month) and does not add per-GB data-processing charges. Three such instances therefore cost roughly $11.40 per month and avoid cross-AZ data-transfer fees because each subnet uses the NAT instance in its own AZ.
A single NAT gateway would incur a fixed $0.045 per hour (≈ $32.85 per month) plus $0.045 per GB processed and cross-AZ transfer charges for two of the subnets, so it is more expensive. Deploying a NAT gateway in every AZ is even costlier because of three separate hourly charges. Giving each private subnet an Internet Gateway is not possible because resources in private subnets do not have publicly routable addresses.
NAT instances require manual patching and offer lower bandwidth, so high-traffic or production workloads may justify NAT gateways despite the higher price.