How should a SysOps administrator configure the VPC to meet these requirements?
Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.
Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.
Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
Explanations:
A NAT gateway is used to enable outbound internet access for instances in private subnets that do not have public IP addresses. However, it does not support IPv6 traffic, as IPv6 traffic does not require a NAT gateway for internet access.
An internet gateway allows direct, two-way communication with the internet, which contradicts the requirement that EC2 instances must not be accessible from the internet. Therefore, this option is not suitable for the specified configuration.
An egress-only internet gateway is designed specifically for IPv6 and allows outbound internet access while preventing inbound traffic from the internet. This meets the requirement of allowing EC2 instances to access the internet while not being directly accessible from it.
While this option includes both an internet gateway and a NAT gateway, it does not align with the requirement of using only IPv6. An internet gateway would expose instances to the internet, violating the requirement that the EC2 instances must not be accessible from the internet.
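The route-table difference between these options can be checked mechanically. The following is an added example, not part of the original question: a small audit over JSON shaped like `aws ec2 describe-route-tables` output that reports where each subnet's `::/0` route points. The sample data and all resource IDs are constructed placeholders, and the function names are hypothetical.

```python
"""Audit IPv6 default routes in describe-route-tables style JSON."""

# Constructed sample; all IDs are placeholders, not real resources.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-example-eigw",
     "Associations": [{"SubnetId": "subnet-example-a"}],
     "Routes": [
         {"DestinationIpv6CidrBlock": "2001:db8:1234:1a00::/56",
          "GatewayId": "local", "State": "active"},
         {"DestinationIpv6CidrBlock": "::/0",
          "EgressOnlyInternetGatewayId": "eigw-example", "State": "active"}]},
    {"RouteTableId": "rtb-example-igw",
     "Associations": [{"SubnetId": "subnet-example-b"}],
     "Routes": [
         {"DestinationIpv6CidrBlock": "::/0",
          "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-example-nat",
     "Associations": [{"SubnetId": "subnet-example-c"}],
     "Routes": [
         {"DestinationCidrBlock": "0.0.0.0/0",
          "NatGatewayId": "nat-example", "State": "active"}]},
]}


def classify_ipv6_default(route_table):
    """Classify where a route table sends ::/0 (all IPv6) traffic."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackhole route forwards nothing
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only"       # outbound only: meets the requirement
        if route.get("GatewayId", "").startswith("igw-"):
            return "internet-gateway"  # two-way path: instances reachable
        return "other"
    return "none"                      # no IPv6 internet path at all


def audit(document):
    """Map each explicitly associated subnet to (route table, verdict)."""
    findings = {}
    for table in document.get("RouteTables", []):
        verdict = classify_ipv6_default(table)
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):  # main-table entries carry no SubnetId
                findings[assoc["SubnetId"]] = (table["RouteTableId"], verdict)
    return findings
```

Only the first subnet in the sample matches the egress-only configuration; the second has a two-way internet gateway path, and the third has no IPv6 default route at all.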