AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company wishes to deploy a new web service in the cloud that should be publicly accessible. Additionally, the service needs to interact with a data center located on-premises without exposing this interaction to the public internet. Which setup will best achieve this objective?
Deploy a NAT Gateway for instances that must communicate with external web clients, accompanied by rigorously configured Security Groups allowing ingress from known internal IP ranges.
Use a Network Interface with an associated Elastic IP in conjunction with a dedicated customer gateway to regulate access between the web clients and the internal data center.
Utilize an Elastic Load Balancer for internet-facing traffic and a Network Access Control List set to accept connections exclusively from the data center IP range.
Establish a site-to-site VPN connection using a Virtual Private Gateway, while enabling public internet connectivity with an Internet Gateway.
To make the web service publicly accessible while keeping the backend interaction private, an Internet Gateway is necessary for the cloud resources to connect to the internet. To connect securely to the on-premises data center, a Virtual Private Gateway is used, either for creating a VPN or for AWS Direct Connect. This gateway cannot be accessed directly from the public internet and thus ensures a secure, private connection. A NAT Gateway is inappropriate because it is designed to let instances in a private subnet initiate outbound traffic without allowing inbound traffic. A network ACL is stateless and does not provide secure encapsulation for private connections.
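The setup described above, sketched as a Terraform configuration. This is an added example, not part of the original question; the resource names, CIDR ranges, BGP ASN and customer gateway address are assumed placeholders, and subnets and route table associations are omitted.

```hcl
# Added example: names, CIDRs, ASN and the gateway IP are assumed placeholders.
resource "aws_vpc" "web" {
  cidr_block = "10.0.0.0/16"
}

# Public path: Internet Gateway for the internet-facing web service.
resource "aws_internet_gateway" "public" {
  vpc_id = aws_vpc.web.id
}

# Private path: Virtual Private Gateway terminating the site-to-site VPN.
resource "aws_vpn_gateway" "onprem" {
  vpc_id = aws_vpc.web.id
}

# The on-premises VPN device as AWS sees it (documentation-range address).
resource "aws_customer_gateway" "datacenter" {
  bgp_asn    = 65000
  ip_address = "198.51.100.10"
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "to_datacenter" {
  vpn_gateway_id      = aws_vpn_gateway.onprem.id
  customer_gateway_id = aws_customer_gateway.datacenter.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# Assumed on-premises range, reachable only through the tunnel.
resource "aws_vpn_connection_route" "datacenter" {
  vpn_connection_id      = aws_vpn_connection.to_datacenter.id
  destination_cidr_block = "192.168.0.0/16"
}

# One route table, two paths: the more specific on-premises prefix goes to the
# Virtual Private Gateway, everything else goes to the Internet Gateway.
resource "aws_route_table" "web" {
  vpc_id = aws_vpc.web.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.public.id
  }

  route {
    cidr_block = "192.168.0.0/16"
    gateway_id = aws_vpn_gateway.onprem.id
  }
}
```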