Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 839 discussion

without internet => gateway endpoints

Answer C "The company wants to access Amazon S3 without traversing the internet." so we cannot use any NAT like in answer A & B. Transit Gateways is allowing reach Direct Connect or VPN connection from VPC. Hence C need to be a good answer

why not D? i don't understand

The Key words are "Without traversig the internet". So, the awser is C. https://docs.aws.amazon.com/pt_br/vpc/latest/privatelink/gateway-endpoints.html

By provisioning a gateway endpoint for Amazon S3 in the VPC, you enable the Lambda function running in the private subnets to access S3 directly without needing to go through the NAT instance or traverse the internet. This solution helps alleviate the network congestion issue and reduces latency since the traffic between Lambda and S3 stays within the AWS network. Additionally, updating the route tables of the subnets to route S3 traffic through the gateway endpoint ensures that the Lambda function can seamlessly communicate with S3 without encountering timeouts caused by network saturation on the NAT instance.

NAT gateways are highly available and can automatically scale up to meet increased traffic demands.

A https://aws.amazon.com/about-aws/whats-new/2015/12/introducing-amazon-vpc-nat-gateway-a-managed-nat-service/