What should a SysOps administrator do to allow outbound-only connectivity for the new IPv6 subnets?
Configure an egress-only internet gateway and associate it with the VPC. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the egress-only internet gateway.
Turn on IPv6 NAT on the NAT gateways. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the NAT gateways.
Configure a new IPv6-only NAT gateway. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the IPv6-only NAT gateway.
Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the existing internet gateway.
Explanations:
An egress-only internet gateway is specifically designed for IPv6 to allow outbound traffic from private subnets while preventing unsolicited inbound traffic. Associating it with the private subnets’ route tables enables them to access the internet for outbound connections, as the default route will direct traffic to the egress-only internet gateway.
NAT gateways do not support IPv6 traffic. Therefore, enabling IPv6 NAT on NAT gateways is not a valid solution for allowing outbound-only IPv6 connectivity. IPv4 NAT functionality is not applicable for IPv6, and thus this option would not work.
IPv6-only NAT gateways are not a standard AWS feature. Instead, egress-only internet gateways are the appropriate mechanism for managing outbound IPv6 traffic from private subnets. Therefore, this option does not provide a valid solution for IPv6 connectivity.
An existing internet gateway is used for IPv4 traffic and does not provide the necessary functionality for IPv6-only outbound connections from private subnets. Private subnets cannot utilize the internet gateway for outbound IPv6 traffic without proper routing through an egress-only internet gateway.