AWS Certified Solutions Architect - Professional (#318)

A company is adding a new approved external vendor that only supports IPv6 connectivity. The company’s backend systems sit in the private subnet of an Amazon VPC. The company uses a NAT gateway to allow these systems to communicate with external vendors over IPv4. Company policy requires systems that communicate with external vendors to use a security group that limits access to only approved external vendors. The VPC uses the default network ACL. The Systems Operator successfully assigns IPv6 addresses to each of the backend systems. The Systems Operator also updates the outbound security group to include the IPv6 CIDR of the external vendor as the destination. The systems within the VPC are able to ping one another successfully over IPv6. However, these systems are unable to communicate with the external vendor. What changes are required to enable communication with the external vendor?

Create an IPv6 NAT instance. Add a route for destination 0.0.0.0/0 pointing to the NAT instance.
Enable IPv6 on the NAT gateway. Add a route for destination ::/0 pointing to the NAT gateway.
Enable IPv6 on the internet gateway. Add a route for destination 0.0.0.0/0 pointing to the IGW.
Create an egress-only internet gateway. Add a route for destination ::/0 pointing to the gateway.