A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard.
The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for
SSH?

A.
Allow Inbound traffic on port 22 from the user’s network

B.
The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH
from that elastic IP

C.
The user can connect to a instance in a private subnet using the NAT instance

D.
Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data
centre, the user can setup a case with a VPN only subnet (private. which uses VPN access to connect with his data
centre. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will
come from his data centre. The user has to configure the security group of the private subnet which allows the inbound
traffic on SSH (port 22. from the data centre’s network range.