A company runs a public-facing three-tier web application in a VPC across multiple Availability Zones. Amazon EC2 instances for the application tier running in private subnets need to download software patches from the internet. However, the EC2 instances cannot be directly accessible from the internet. Which actions should be taken to allow the EC2 instances to download the needed patches? (Select TWO.)

Understand the Problem

The question is asking which actions need to be taken to allow EC2 instances in a private subnet to download patches from the internet. This involves understanding network configurations and the proper use of NAT gateways or instances within AWS architecture.

Answer

Configure a NAT gateway in a public subnet and define a route to it.

The correct actions are: Configure a NAT gateway in a public subnet, and define a custom route table with a route to the NAT gateway for internet traffic and associate it with the private subnets for the application tier.

More Information

A NAT gateway allows instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating connections with the instances.

Tips

A common mistake is to connect the EC2 instances directly to the internet. Instead, use a NAT gateway for indirect internet access.
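
The following check is an added example, not part of the original answer: it audits route tables for the layout described above (private subnets default-route to a NAT gateway that itself sits in a public subnet). The data is constructed in the shape of `aws ec2 describe-route-tables` and `describe-nat-gateways` output, and all IDs and function names are made up for illustration.

```python
# Constructed sample data in the shape of `aws ec2 describe-route-tables`
# and `describe-nat-gateways` output; all IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-app-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-pub-a"}]

def default_target(subnet_id, route_tables):
    """Return the 0.0.0.0/0 target for a subnet, or None if it has no default route."""
    explicit = [t for t in route_tables
                if any(a.get("SubnetId") == subnet_id for a in t["Associations"])]
    main = [t for t in route_tables if any(a.get("Main") for a in t["Associations"])]
    tables = explicit or main  # subnets without an explicit association use the main table
    if not tables:
        return None
    for route in tables[0]["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def audit_private_subnets(private_subnets, route_tables, nat_gateways):
    """Return a list of findings; an empty list means the layout matches the answer."""
    nat_subnet = {n["NatGatewayId"]: n["SubnetId"] for n in nat_gateways}
    findings = []
    for subnet in private_subnets:
        target = default_target(subnet, route_tables)
        if target is None:
            findings.append(f"{subnet}: no default route, patch downloads will fail")
        elif target.startswith("igw-"):
            findings.append(f"{subnet}: default route goes to an internet gateway")
        elif target not in nat_subnet:
            findings.append(f"{subnet}: default route target {target} is not a known NAT gateway")
        else:
            # The NAT gateway only works if its own subnet routes to an internet gateway.
            nat_target = default_target(nat_subnet[target], route_tables) or ""
            if not nat_target.startswith("igw-"):
                findings.append(f"{subnet}: {target} is not in a public subnet")
    return findings

if __name__ == "__main__":
    print(audit_private_subnets(["subnet-app-a", "subnet-app-b"], ROUTE_TABLES, NAT_GATEWAYS))
```

Here `subnet-app-b` has no explicit association, so it falls back to the main route table and is reported for lacking a default route.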
