What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?
Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.
Assign each EC2 instance an IPv6 Elastic IP address. Create a target group and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the ALB.
Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.
Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443, and specify the dualstack IP address type on the ALB. Create a target group and add the EC2 instances as targets. Associate the target group with the ALB.
Explanations:
Adding an IPv6 CIDR block to the VPC and private subnet for EC2 instances is necessary for IPv6 support. However, simply assigning IPv6 addresses to EC2 instances and creating route table entries will not allow IPv6 clients to access the service unless the ALB is configured for dualstack support (IPv4 and IPv6).
Assigning IPv6 Elastic IP addresses to EC2 instances is unnecessary for this setup, as the ALB is meant to handle the external traffic. Also, EC2 instances in a private subnet should not be directly accessible via public IP addresses. This option overlooks the proper configuration of the ALB.
Replacing the ALB with a Network Load Balancer (NLB) is unnecessary for IPv6 support, especially since the ALB can handle IPv6 traffic. The focus should be on configuring the ALB for IPv6, not switching to a different load balancer.
Adding an IPv6 CIDR block to the VPC and subnets for the ALB and creating a listener with the dualstack IP address type ensures that the ALB can handle both IPv4 and IPv6 traffic. The configuration of the target group and association with the ALB is also correctly done here.
I chart that the answer is:
Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443, and specify the dualstack IP address type on the ALB. Create a target group and add the EC2 instances as targets. Associate the target group with the ALB.