The requirement is to test IPv6 connectivity in an AWS VPC. When a VPC is associated with an IPv6 CIDR block, subnets can be configured to assign IPv6 addresses to resources, and routing must be correctly configured to allow IPv6 traffic to flow.
For public IPv6 connectivity, IPv6 traffic must be routed through an internet gateway. Unlike IPv4, IPv6 addresses are globally routable by default, and IPv6 egress is not translated through a NAT gateway. Therefore, for an EC2 instance in a public subnet that needs inbound and outbound IPv6 connectivity, the subnet route table must include a route that sends IPv6 traffic (::/0) to an internet gateway. Option C correctly describes this configuration and is a standard pattern for enabling IPv6 access for public subnets.
For private subnets that require outbound-only IPv6 connectivity (for example, instances that must initiate connections to the internet but must not accept inbound connections), AWS provides an egress-only internet gateway. An egress-only internet gateway allows outbound IPv6 traffic while blocking unsolicited inbound IPv6 traffic, similar in intent to how a NAT gateway is used for IPv4. Option E correctly uses an egress-only internet gateway for IPv6 traffic from a private subnet, making it the correct choice for private IPv6 connectivity testing.
Option A focuses on Direct Connect integration. Although Direct Connect can support IPv6, associating a virtual private gateway with a Direct Connect gateway is not required simply to test IPv6 connectivity to customers worldwide. This option also does not explicitly configure IPv6 internet routing and therefore does not directly meet the stated requirement.
Option B is incorrect because NAT gateways do not support IPv6. NAT gateways are IPv4-only services, so routing IPv6 traffic to a NAT gateway is not a valid configuration.
Option D is also incorrect because NAT instances do not provide a supported or recommended solution for IPv6 traffic. NAT-based designs are intended for IPv4 address translation and are not used for IPv6 connectivity in AWS.
Therefore, using an internet gateway for public IPv6 subnets and an egress-only internet gateway for private IPv6 subnets is the correct and supported approach.
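The routing rule above can be checked mechanically. The following added example (not part of the original explanation) audits route tables for the expected IPv6 default-route target. Route field names follow the EC2 DescribeRouteTables response shape; the `Intent` label and all IDs are constructed for illustration.

```python
# Added example: audits the ::/0 route target per subnet intent.
# "Intent" is a hypothetical label; all resource IDs are constructed sample data.
IPV6_DEFAULT = "::/0"
EXPECTED = {"public": "internet-gateway", "private": "egress-only-igw"}

def ipv6_default_target(route_table):
    """Return the kind of target behind the table's active ::/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != IPV6_DEFAULT:
            continue
        if route.get("State", "active") != "active":
            continue  # blackhole routes carry no traffic
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only-igw"
        if route.get("GatewayId", "").startswith("igw-"):
            return "internet-gateway"
        return "other"
    return "none"

def audit(route_tables):
    """List (table id, intent, found, expected) for every mismatch."""
    findings = []
    for rt in route_tables:
        found, want = ipv6_default_target(rt), EXPECTED[rt["Intent"]]
        if found != want:
            findings.append((rt["RouteTableId"], rt["Intent"], found, want))
    return findings

SAMPLE = [  # constructed route tables
    {"RouteTableId": "rtb-public-ok", "Intent": "public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-private-ok", "Intent": "private", "Routes": [
        {"DestinationIpv6CidrBlock": "::/0",
         "EgressOnlyInternetGatewayId": "eigw-0example", "State": "active"}]},
    # Private subnet sent to an internet gateway: inbound IPv6 is not blocked.
    {"RouteTableId": "rtb-private-igw", "Intent": "private", "Routes": [
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example", "State": "active"}]},
    # IPv4 habit: only a NAT gateway route, so there is no IPv6 egress path at all.
    {"RouteTableId": "rtb-private-v4only", "Intent": "private", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s (%s): ::/0 -> %s, expected %s" % finding)
```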