A company is managing a large-scale workload involving thousands of Amazon EC2 instances within a VPC comprising both public and private subnets. The public subnets are configured with a route to an existing internet gateway for 0.0.0.0/0, while the private subnets route 0.0.0.0/0 through an existing NAT gateway. To enhance security and network capabilities, a solutions architect is tasked with transitioning all EC2 instances to utilize IPv6. Importantly, EC2 instances in the private subnets should remain inaccessible from the public internet. What measures should the solutions architect implement to fulfill these objectives?

Exam-Like

Modify the current VPC to integrate a custom IPv6 CIDR block across the VPC and its subnets. Adjust all VPC route tables to include a route for ::/0 directing traffic to the internet gateway.

14.3%

Revise the existing VPC to incorporate an Amazon-provided IPv6 CIDR block for the VPC and all subnets. Amend the VPC route tables associated with the private subnets to route ::/0 traffic through the NAT gateway.

28.6%

Upgrade the existing VPC by associating it with an Amazon-provided IPv6 CIDR block for the VPC and all subnets. Establish an egress-only internet gateway and reconfigure the VPC route tables for the private subnets to direct ::/0 traffic to this new gateway.

42.9%

Enhance the existing VPC by linking it with a custom IPv6 CIDR block for the VPC and all subnets. Deploy a new NAT gateway with IPv6 support and update the VPC route tables for the private subnets to channel ::/0 traffic via the IPv6-enabled NAT gateway.

14.3%

AWS Certified Solutions Architect - Professional

Get started today

Comments