Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 223 discussion

The answer is A for me, but what "forwards non-VPC traffic" does mean, there is nothing about "non-VPC traffic"

AAAAAAAAAAAAAAAAA

non-VPC means Internet bound (Non-local)...this is a way of English usage just to confuse exam takers...

This is a grammar question.... I chose B. NAT instances FOR private subnet. We don't need NAT gateway FOR public subnet.

If you choosed another answer not A, must study harder

Hint: IPV4 = NAT Gateway IPV6 = Egress-only internet gateway go with option A

The dude made this question should improve his English. It should be "in the public subnet for the private subnet". Base on the "don't think too much" rule, I still choose A. Of course everything is "for the private subnet", it is implied.

B. As NAT Gateway can be used only on private subnets https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

Ans = A 1. NAT Gateways = connect Private Subnets to the Internet 2. NAT gateways = Highly available 3. NAT Gateway = a highly available AWS managed service that makes it easy to connect to the Internet from instances within a private subnet in an Amazon Virtual Private Cloud (Amazon VPC). Previously, you needed to launch a NAT instance to enable NAT for instances in a private subnet. 4. VPN NAT Gateways reside in Public Subnets > have to configure NAT Gateways in Public Subnet > then associate NAT Gateways in Private Subnet route table 5. Reference: https://aws.amazon.com/about-aws/whats-new/2018/03/introducing-amazon-vpc-nat-gateway-in-the-aws-govcloud-us-region/#:~:text=NAT%20Gateway%20is%20a%20highly,instances%20in%20a%20private%20subnet. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

B - feels like Amazon is testing for grammar skills rather than architecting skills :( Create three NAT (instances/gateways) in public subnet, one for each private subnet in each AZ

The answer is A. This is a repeated question.

Answer is B 'One "for" each public subnet' in Answer A is misleading. U create NAT Gateways "in" public subnet "for" private subnet. Answer B makes more sense, it says Create 3 Nat Instances "for" each private subnets. NAT gateway should be the answer, however the answer here is misleading for A, hence I choose B which suits more.

Answer is A NAT gateways over NAT instances anytime

The answer is A First, NAT instances are not recommended by AWS anymore. Second, the solution must seek for HA: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-natcomparison.html - Availability NAT gateway: Highly available. NAT gateways in each Availability Zone are implemented with redundancy. Create a NAT gateway in each Availability Zone to ensure zone independent architecture. NAT instance: Use a script to manage failover between instances.

A for sure

Ans=A. Create three NAT gateways, one for each public subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.

Absolutely A, those who are saying it's B please read below, Internet traffic from the instances in the private subnet is routed to the NAT instance, which then communicates with the internet. Therefore, the NAT instance must have internet access. It must be in a public subnet (a subnet that has a route table with a route to the internet gateway), and it must have a public IP address or an Elastic IP address. All NAT ( be it Gateway/Instance) must set up in Public in order to connect to the internet, so B create NAT instance in private is WRONG. The only possible answer here is A