An IoT company needs to develop a product that can quickly count the number of persons in a given area. They have used wireless sensors and a Node.js backend in AWS EC2 (ap-southeast-2 region with 3 availability zones). As the data is very sensitive which will be analyzed by a third-party company, they need the backend to be highly available. The backend EC2 needs to connect to the internet to download patches. Other than that, for security reasons, EC2 should only open SSH port to a jump host. For the below descriptions, which one is the best? 

Answer options:

A.For each availability zone, create a public subnet and a private subnet. Create a NAT gateway in a single public subnet and for the route table in three private subnets, add a route from 0.0.0.0/0 to the NAT gateway. Add a bastion host in one public subnet and for EC2 instances, only open port 22 for the inbound traffic from the bastion host ARN id.
B.Create a public subnet and a private subnet in all three availability zones in the ap-southeast-2 region. Create a NAT instance in each public subnet and for the route table in the private subnet, add a route from 0.0.0.0/0 to the public subnet. Add a bastion host in one public subnet and for EC2 instances, only open port 22 for the inbound traffic from the bastion host ARN id.
C.For each availability zone, create a public subnet and a private subnet. Create a NAT gateway in each public subnet and for the route table in the private subnet, add a route from 0.0.0.0/0 to the NAT gateway. Add a bastion host in one public subnet and for EC2 instances, only open port 22 for the inbound traffic from the security group of the bastion host.
D.Create a private subnet in ap-southeast-2a and three public subnets in ap-southeast-2a, ap-southeast-2b, and ap-southeast-2c. Create a NAT gateway using an autoscaling group in all three availability zones and for the route table in the private subnet, add a route from 0.0.0.0/0 to the NAT gateway. Add a bastion host in one public subnet and for EC2 instances, only open port 22 for the inbound traffic from the security group of the bastion host.

Correct Answer – C
 
As in the scenario, high availability is a must. We should consider using public/private pairs in all three availability zones ap-southeast-2a, ap-southeast-2b, and ap-southeast-2c. Then create a NAT gateway in each public subnet as NAT gateway is within the scope of an availability zone. This can ensure that other NAT gateways can still server internet traffic even when an availability zone is out of service. In terms of the Bastion host, it should be put in a public subnet, and the EC2 security group should allow the SSH access (port 22) for the inbound traffic from the Bastion host security group.
Option A is incorrect: Because NAT gateway should be created in each availability zone instead of meeting the need for high availability. And bastion host ARN id is incorrect as well. Bastion host security group should be used.
Option B is incorrect: Because NAT gateway is better than NAT instance as NAT gateway is more reliable and easier to maintain. Moreover, the route should connect to the NAT gateway.
Option C is CORRECT: Because it has used NAT gateway in three availability zones and Bastion host in a public subnet, which is the best way.
Option D is incorrect: Because it should create three private subnets to make three public/private pairs. It can ensure that the service is not interrupted even when one availability zone is out of service. Moreover, NAT gateway is highly managed by AWS, and autoscaling is impossible to be added for that.