A security engineer is designing a VPC with public and private subnets. The company requires that all outbound traffic from private subnets to the internet go through a single IP address for logging and compliance. Which service should be used?
Why this answer
Option A is correct because a NAT Gateway provides outbound internet access from private subnets with a single Elastic IP. Option B is wrong because an Internet Gateway allows inbound and outbound traffic for public subnets. Option C is wrong because a VPC Endpoint is for accessing AWS services privately. Option D is wrong because a Transit Gateway is for connecting multiple VPCs and on-premises networks.