AWS Certified Solutions Architect - Professional (#446)

An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched. Which of the following must be done for the custom NAT instance to work?

The source/destination checks should be disabled on the NAT instance.
The NAT instance should be launched in public subnet.
The NAT instance should be configured with a public IP address.
The NAT instance should be configured with an elastic IP address.