An EC2 instance that performs source/destination checks by default is launched in a private VPC
subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT
instance is launched.
Which of the following must be done for the custom NAT instance to work?
A.
The source/destination checks should be disabled on the NAT instance.
B.
The NAT instance should be launched in public subnet.
C.
The NAT instance should be configured with a public IP address.
D.
The NAT instance should be configured with an elastic IP address.
Explanation:
Each EC2 instance performs source/destination checks by default. This means that the instance
must be the source or destination of any traffic it sends or receives. However, a NAT instance
must be able to send and receive traffic when the source or destination is not itself. Therefore,
you must disable source/destination checks on the NAT instance.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#EIP_Disab
le_Src DestCheck