What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?
Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.
Assign each EC2 instance an IPv6 Elastic IP address. Create a target group, and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the ALB.
Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.
Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443. and specify the dualstack IP address type on the ALB. Create a target group, and add the EC2 instances as targets. Associate the target group with the ALB.
Explanations:
While adding an IPv6 CIDR block to the VPC and subnet is necessary for enabling IPv6 support, simply assigning IPv6 addresses to the EC2 instances and creating route table entries does not ensure that the Application Load Balancer (ALB) can handle IPv6 traffic. The ALB itself must also be configured to support IPv6.
Assigning IPv6 Elastic IP addresses to the EC2 instances is not appropriate in this scenario because Elastic IPs are meant for public IPv4 addresses. Additionally, the ALB must handle IPv6 traffic directly, and this option does not mention the necessary configuration of the ALB to support IPv6.
Although Network Load Balancers can handle IPv6, the question specifies that an ALB is already in place. Replacing it with an NLB is not necessary to achieve IPv6 support. Furthermore, using an Elastic IP address for an NLB is not applicable for private subnets.
This option correctly describes the necessary steps to enable IPv6 access to the web service. Adding an IPv6 CIDR block to the VPC and subnets for the ALB, creating a listener on port 443, and specifying the dualstack IP address type on the ALB allows the ALB to handle both IPv4 and IPv6 traffic. Associating the target group with the ALB ensures that the EC2 instances are accessible via IPv6.