A company has a VPC with a CIDR of 10.0.0.0/16. They have two Availability Zones, each with a public subnet (10.0.1.0/24 and 10.0.2.0/24) and a private subnet (10.0.3.0/24 and 10.0.4.0/24). They have an internet-facing ALB in the public subnets and EC2 instances in the private subnets. The EC2 instances need to download updates from the internet. They deploy a NAT Gateway in each public subnet and add routes in the private subnet route tables pointing to the respective NAT Gateway in the same AZ. However, the EC2 instances in AZ2 cannot access the internet, while those in AZ1 can. What is the most likely cause?
A NAT Gateway requires an Elastic IP; without it, it cannot route traffic to the internet.
Why this answer
The NAT Gateway in AZ2 may be in a different public subnet than the one the private subnet route points to, or the NAT Gateway may not have an associated Elastic IP. Option A is wrong because cross-AZ routing is possible but not the issue. Option B is wrong because the route is to the specific NAT Gateway in the same AZ. Option D is wrong because the issue is specific to one AZ, not a global issue.