AWS - Architecture Best Practices
How can you securely allow the app tier in a private subnet to access an external API on the internet without exposing the app instances publicly?
How can you securely allow the app tier in a private subnet to access an external API on the internet without exposing the app instances publicly?
hard📝 Application Q9 of 15
Step-by-Step Solution
Solution:
Step 1: Understand private subnet internet access
Instances in private subnets cannot access the internet directly without NAT.Step 2: Identify secure method for internet access
NAT gateway in public subnet allows outbound internet access without exposing instances.Final Answer:
Configure a NAT gateway in a public subnet and route app subnet traffic through it -> Option CQuick Check:
NAT gateway enables secure internet access = D [OK]
Quick Trick: Use NAT gateway for private subnet internet access [OK]
Common Mistakes:
- Assigning public IPs (exposes instances)
- Putting app tier in public subnet unnecessarily
- Using VPN for internet access
Master "Architecture Best Practices" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes