🔥 3-day streak
AWS Certified Solutions Architect - Associate91 / 150
Question 91 of 150

A financial services company runs a fleet of EC2 instances in private subnets that must reach the internet through a NAT gateway to download OS patches. Compliance rules require that outbound traffic be restricted so instances can only communicate with a specific allowlist of external domains (such as the OS vendor's update repositories) and all other outbound traffic must be blocked and logged for auditing. Which solution best meets these requirements?

Reviewed for accuracy · Report an issueNext question →