AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company wishes to deploy a new web service in the cloud that should be publicly accessible. Additionally, the service needs to interact with a data center located on-premises without exposing this interaction to the public internet. Which setup will best achieve this objective?
Use a Network Interface with an associated Elastic IP in conjunction with a dedicated customer gateway to regulate access between the web clients and the internal data center.
Deploy a NAT Gateway for instances that must communicate with external web clients, accompanied by rigorously configured Security Groups allowing ingress from known internal IP ranges.
Establish a site-to-site VPN connection using a Virtual Private Gateway, while enabling public internet connectivity with an Internet Gateway.
Utilize an Elastic Load Balancer for internet-facing traffic and a Network Access Control List set to accept connections exclusively from the data center IP range.