AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An application is hosted in an Amazon EC2 instance which does not have direct Internet access. The instance needs to pull software updates from public repositories but should not accept inbound connections from external sources. As a solutions architect, what is the most secure way to configure Internet connectivity to meet these requirements?
Attach an Internet Gateway (IGW) and route internet traffic directly to the instance.
Set up a NAT Gateway (NGW) and update the route table to direct internet traffic through it.
Configure an endpoint to connect the instance to the Internet without using a public IP address.
Assign a public IP address to the instance and modify the security group to allow outbound Internet traffic.
Setting up a NAT (Network Address Translation) gateway and updating the route table allows the instance to initiate outbound connections to the Internet for downloading updates while preventing inbound connections from external sources. This method keeps the instance non-public and enhances security. Merely assigning a public IP address without the proper routing configuration does not provide Internet access, regardless of the security group's outbound rules. Attaching an Internet gateway and routing traffic directly to the instance would expose it to inbound connections from external sources, increasing security risk. Configuring an endpoint connects the instance to AWS services privately but does not provide the general Internet access needed for downloading updates.
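The reasoning above can be expressed as a check over a subnet's route table. This is an added example, not part of the original question: the function names, the four scenarios, and all resource IDs are constructed placeholders, and the route dictionaries follow the field names of the EC2 DescribeRouteTables response (IPv4 only).

```python
# Constructed sample routes; field names follow the EC2 DescribeRouteTables
# response shape. All resource IDs below are made-up placeholders.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}

def default_route_target(routes):
    """Return the target of the active 0.0.0.0/0 route, or None."""
    for r in routes:
        if r.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if r.get("State", "active") != "active":
            continue  # a blackhole route carries no traffic
        return r.get("NatGatewayId") or r.get("GatewayId")
    return None

def assess(routes, has_public_ip):
    """Model the explanation's reasoning for one instance."""
    target = default_route_target(routes) or ""
    if target.startswith("nat-"):
        # NAT gateway: only flows the instance initiates are translated.
        return {"outbound_internet": True, "inbound_connectable": False}
    if target.startswith("igw-"):
        # An IGW serves only instances with a public address, and then in
        # both directions (security groups and NACLs still filter).
        return {"outbound_internet": has_public_ip,
                "inbound_connectable": has_public_ip}
    # No default route: endpoint-only or isolated subnet.
    return {"outbound_internet": False, "inbound_connectable": False}

# The four answer options as (routes, instance_has_public_ip).
OPTIONS = {
    "igw_direct": ([LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                            "GatewayId": "igw-0example"}], True),
    "nat_gateway": ([LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                             "NatGatewayId": "nat-0example"}], False),
    "endpoint_only": ([LOCAL, {"DestinationPrefixListId": "pl-0example",
                               "GatewayId": "vpce-0example"}], False),
    "public_ip_only": ([LOCAL], True),
}

def meets_requirement(name):
    """True if the option gives outbound access without inbound exposure."""
    routes, public_ip = OPTIONS[name]
    result = assess(routes, public_ip)
    return result["outbound_internet"] and not result["inbound_connectable"]

if __name__ == "__main__":
    for name in OPTIONS:
        print(f"{name:15} meets requirement: {meets_requirement(name)}")
```

The same `assess` function can be pointed at real route tables exported as JSON to flag subnets whose default route targets an Internet gateway when they were meant to be egress-only.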