You’ve been brought in as solutions architect to assist an enterprise customer with their migration of an ecommerce platform to Amazon Virtual Private Cloud (VPC). The previous architect has already deployed a 3-
tier VPC.
The configuration is as follows:
You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the
Internet. Application and database servers cannot have direct access to the Internet. Which configuration below
will allow you the ability to remotely administer your application and database servers, as well as allow these
servers to retrieve updates from the Internet?
A.
Create a bastion and NAT instance in subnet-248bc44c, and add a route from rtb-238bc44b to subnet-
258bc44d.
B.
Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-
248bc44c
C.
Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to Igw-2d8bc445,
and a new NACL that allows access between subnet-258bc44d and subnet-248bc44c.
D.
Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb-238bc44b to the NAT
instance.
D
for private instances to have internet you must configure route to the nat instance
1
0