Home › AWS SysOps Associate › cloudcomputing › sysopssecuritynetwork › An EC2 instance in a private subnet needs outbou…
An EC2 instance in a private subnet needs outbound HTTPS to api.example.com but no inbound internet exposure. Which two networking primitives, combined, enable this?
AAn Internet Gateway directly attached to the private subnet
BA CloudFront distribution as the proxy
CA NAT Gateway in a public subnet plus a route from the private subnet to the NAT Gateway
DA VPN to an on-prem datacentre as the only egress path
Answer & Solution
Correct answer: C. A NAT Gateway in a public subnet plus a route from the private subnet to the NAT Gateway
NAT Gateway + private-subnet default route = outbound-only internet. IGW on a private subnet would expose it inbound; VPN to on-prem isn't the same path; CloudFront isn't a forward proxy.
Related questions
Which managed AWS service centralises and accelerates cross-Region private traffic betweenWhich Route 53 feature distributes requests to multiple endpoints proportionally based on An application backed by an ALB receives an unusually high number of 4xx errors from a fewWhich AWS service allows centrally rotating keys, audit-logging key usage, and enforcing kWhich AWS service tests an IAM policy against a hypothetical request and explains which stWhich managed service lets you privately connect a VPC to an AWS service (e.g. S3, DynamoDWhich networking object inside a VPC is STATELESS (return traffic doesn't auto-allow) and Which AWS feature provides DDoS protection at L3/L4 for all AWS customers by default, with