
Answer-first summary for fast verification
Answer: Upgrade the existing VPC by associating it with an Amazon-provided IPv6 CIDR block for the VPC and all subnets. Establish an egress-only internet gateway and reconfigure the VPC route tables for the private subnets to direct ::/0 traffic to this new gateway.
The correct answer is C. To migrate EC2 instances to use IPv6 while ensuring the instances in private subnets remain inaccessible from the public internet, you should associate an Amazon-provided IPv6 CIDR block with the VPC and all subnets. In addition, by creating an egress-only internet gateway, you allow outbound traffic from the instances in the private subnets to the internet without accepting inbound traffic. Updating the VPC route tables for all private subnets to route ::/0 traffic to this egress-only internet gateway ensures that the private subnets can communicate over IPv6 without being exposed to the public internet.
Author: LeetQuiz Editorial Team
A company is managing a large-scale workload involving thousands of Amazon EC2 instances within a VPC comprising both public and private subnets. The public subnets are configured with a route to an existing internet gateway for 0.0.0.0/0, while the private subnets route 0.0.0.0/0 through an existing NAT gateway. To enhance security and network capabilities, a solutions architect is tasked with transitioning all EC2 instances to utilize IPv6. Importantly, EC2 instances in the private subnets should remain inaccessible from the public internet. What measures should the solutions architect implement to fulfill these objectives?
A. Modify the current VPC to integrate a custom IPv6 CIDR block across the VPC and its subnets. Adjust all VPC route tables to include a route for ::/0 directing traffic to the internet gateway.
B. Revise the existing VPC to incorporate an Amazon-provided IPv6 CIDR block for the VPC and all subnets. Amend the VPC route tables associated with the private subnets to route ::/0 traffic through the NAT gateway.
C. Upgrade the existing VPC by associating it with an Amazon-provided IPv6 CIDR block for the VPC and all subnets. Establish an egress-only internet gateway and reconfigure the VPC route tables for the private subnets to direct ::/0 traffic to this new gateway.
D. Enhance the existing VPC by linking it with a custom IPv6 CIDR block for the VPC and all subnets. Deploy a new NAT gateway with IPv6 support and update the VPC route tables for the private subnets to channel ::/0 traffic via the IPv6-enabled NAT gateway.
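A way to verify the routing that answer C describes after the migration, as an added example that is not part of the original page: it audits `aws ec2 describe-route-tables` style JSON and reports whether each private route table sends ::/0 to an egress-only internet gateway. The sample data and all IDs are constructed, and treating a route table as private when its 0.0.0.0/0 route targets a NAT gateway is an assumption taken from the scenario in the question.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID below is made up for illustration.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
    {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"}]},
  {"RouteTableId": "rtb-private-ok", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
    {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-example"}]},
  {"RouteTableId": "rtb-private-bad", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
    {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"}]},
  {"RouteTableId": "rtb-private-nov6", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]}
]}
""")

TARGET_FIELDS = ("EgressOnlyInternetGatewayId", "NatGatewayId", "GatewayId")

def default_target(route_table, dest_key, cidr):
    """Return the target ID of the route for `cidr`, or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get(dest_key) == cidr:
            return next((route[f] for f in TARGET_FIELDS if route.get(f)), None)
    return None

def audit_private_ipv6(doc):
    """Map each private route table ID to the state of its ::/0 route."""
    findings = {}
    for rt in doc.get("RouteTables", []):
        v4 = default_target(rt, "DestinationCidrBlock", "0.0.0.0/0") or ""
        if not v4.startswith("nat-"):
            continue  # assumption: "private" means IPv4 default via a NAT gateway
        v6 = default_target(rt, "DestinationIpv6CidrBlock", "::/0")
        if v6 is None:
            findings[rt["RouteTableId"]] = "NO_IPV6_DEFAULT"
        elif v6.startswith("eigw-"):
            findings[rt["RouteTableId"]] = "OK"
        elif v6.startswith("igw-"):
            findings[rt["RouteTableId"]] = "EXPOSED"  # two-way IPv6 path
        else:
            findings[rt["RouteTableId"]] = "UNEXPECTED_TARGET"
    return findings

if __name__ == "__main__":
    for rtb, status in audit_private_ipv6(SAMPLE).items():
        print(rtb, status)
```

An `EXPOSED` result corresponds to option A's routing applied to a private subnet; `NO_IPV6_DEFAULT` means the subnet has no outbound IPv6 path yet.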