A company’s applications run on Amazon EC2 instances with IPv6 addresses. The applications must initiate outbound communications to external internet services, but the security policy requires that external services cannot initiate connections to the EC2 instances. What should a solutions architect recommend?
Choose an answer
Tap an option to check your answer.
Correct answer: Create an egress-only internet gateway and make it the destination of the subnet's route table.
Why this is the answer
An egress-only internet gateway (EIGW) is specifically designed for IPv6 traffic to allow instances in a private subnet to initiate outbound connections to the internet while preventing unsolicited inbound connections from the internet. This perfectly matches the security requirement. A NAT gateway is used for IPv4 traffic. An internet gateway allows both inbound and outbound connections for IPv4 and IPv6, which violates the security policy. A virtual private gateway is used for VPN connections between your VPC and on-premises networks, not for direct internet access.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed