What should a solutions architect recommend to resolve this issue?
Create a NAT gateway and make it the destination of the subnet’s route table.
Create an internet gateway and make it the destination of the subnet’s route table.
Create a virtual private gateway and make it the destination of the subnet’s route table.
Create an egress-only internet gateway and make it the destination of the subnet’s route table.
Explanations:
A NAT gateway is used for IPv4 addresses to allow instances in a private subnet to initiate outbound traffic to the internet while preventing unsolicited inbound traffic. However, it does not apply to instances with IPv6 addresses: IPv6 addresses are globally routable, so no address translation is needed and those instances can communicate directly with the internet.
An internet gateway allows instances with public IPv4 addresses to communicate directly with the internet. However, this option does not restrict inbound traffic, which contradicts the company’s security policy that forbids external services from initiating connections to EC2 instances.
A virtual private gateway is used to connect an AWS VPC to an external network via VPN. It does not facilitate internet communication for IPv6 addresses and does not provide egress control for security policy requirements.
An egress-only internet gateway is specifically designed for instances with IPv6 addresses, allowing them to initiate outbound connections to the internet while preventing external services from initiating connections to these instances. This aligns with the company’s security policy.
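As an added illustration (not part of the original question set), the check below audits a subnet's route table for the policy described above: the IPv6 default route (`::/0`) should point at an egress-only internet gateway, not at an internet gateway, which would also admit inbound connections. The route-table dictionaries are constructed to mirror the shape of `aws ec2 describe-route-tables` output; the IDs and the `audit_ipv6_egress` function are hypothetical.

```python
# Constructed sample route tables in the shape returned by
# `aws ec2 describe-route-tables` (boto3 style). IDs are placeholders.
COMPLIANT_TABLE = {
    "RouteTableId": "rtb-0000000000example1",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationIpv6CidrBlock": "2001:db8::/56", "GatewayId": "local"},
        {"DestinationIpv6CidrBlock": "::/0",
         "EgressOnlyInternetGatewayId": "eigw-0000000000example1"},
    ],
}
VIOLATING_TABLE = {
    "RouteTableId": "rtb-0000000000example2",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        # ::/0 via a plain internet gateway: outbound works, but inbound
        # connections from the internet are also possible.
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0000000000example2"},
    ],
}
IPV4_ONLY_TABLE = {
    "RouteTableId": "rtb-0000000000example3",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        # NAT gateway covers IPv4 only; there is no IPv6 default route at all.
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000000000example3"},
    ],
}


def audit_ipv6_egress(route_table: dict) -> str:
    """Classify how a route table handles IPv6 default egress.

    Returns one of:
      "compliant"       - ::/0 goes to an egress-only internet gateway
      "violation"       - ::/0 goes to an internet gateway (inbound allowed)
      "no-ipv6-egress"  - no ::/0 route (NAT gateway or nothing; IPv6 cannot reach out)
    """
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("EgressOnlyInternetGatewayId", "").startswith("eigw-"):
            return "compliant"
        if route.get("GatewayId", "").startswith("igw-"):
            return "violation"
    return "no-ipv6-egress"
```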