What should a solutions architect recommend to resolve this issue?
Create a NAT gateway and make it the destination of the subnet’s route table
Create an internet gateway and make it the destination of the subnet’s route table
Create a virtual private gateway and make it the destination of the subnet’s route table
Create an egress-only internet gateway and make it the destination of the subnet’s route table
Explanations:
A NAT gateway is used for enabling instances in a private subnet to initiate outbound traffic to the internet while preventing inbound traffic from the internet. However, NAT gateways do not support IPv6. Thus, this option does not meet the requirement of allowing outbound communication using IPv6.
An internet gateway allows both inbound and outbound traffic between the instances in a VPC and the internet. However, since the security policy specifies that no external service can initiate a connection to the EC2 instances, using an internet gateway is not appropriate as it allows inbound traffic.
A virtual private gateway is primarily used for connecting a VPC to a VPN or AWS Direct Connect. It does not facilitate outbound internet access for instances, nor does it specifically restrict inbound connections from the internet. Hence, this option does not meet the requirements.
An egress-only internet gateway is specifically designed for IPv6 traffic, allowing instances to initiate outbound connections to the internet while preventing unsolicited inbound traffic from reaching the instances. This aligns with the company’s security policy and allows for the required outbound communication.
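As an added example that is not part of the original question set, the following Python check inspects route tables in the shape returned by `aws ec2 describe-route-tables` (or boto3) and flags any IPv6 default route (`::/0`) that targets an internet gateway instead of an egress-only internet gateway; the route-table and gateway ids in the sample data are constructed placeholders.

```python
"""Audit EC2 route tables for the IPv6 egress path of a private subnet.

Constructed example: route entries use the real describe-route-tables field
names (DestinationIpv6CidrBlock, GatewayId, EgressOnlyInternetGatewayId);
all resource ids below are placeholders, not real resources.
"""

IPV6_DEFAULT = "::/0"

# Constructed sample: one table routes ::/0 via an egress-only IGW (outbound
# only), the other via an internet gateway (also admits inbound connections).
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-0000000000000aaaa",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationIpv6CidrBlock": "2001:db8::/56", "GatewayId": "local"},
            {"DestinationIpv6CidrBlock": "::/0",
             "EgressOnlyInternetGatewayId": "eigw-0000000000000bbbb"},
        ],
    },
    {
        "RouteTableId": "rtb-0000000000000cccc",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0000000000000dddd"},
        ],
    },
]


def ipv6_default_target(route_table):
    """Return (kind, target_id) for the ::/0 route, or ("none", None) if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != IPV6_DEFAULT:
            continue
        if "EgressOnlyInternetGatewayId" in route:
            return "egress-only", route["EgressOnlyInternetGatewayId"]
        gw = route.get("GatewayId", "")
        if gw.startswith("igw-"):
            return "internet-gateway", gw
        return "other", gw or None  # e.g. a vgw-, which gives no internet egress
    return "none", None


def audit(route_tables):
    """Map each route table id to 'ok' (egress-only IGW) or a review note."""
    findings = {}
    for rt in route_tables:
        kind, _ = ipv6_default_target(rt)
        findings[rt["RouteTableId"]] = "ok" if kind == "egress-only" else f"review: ipv6 default via {kind}"
    return findings


if __name__ == "__main__":
    for rtb, finding in audit(SAMPLE_ROUTE_TABLES).items():
        print(rtb, finding)
```

A table with no `::/0` entry at all is reported as `none`, which is the symptom to look for when instances in the private subnet cannot reach IPv6 endpoints.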