You have a set of Instances in your VPC that communicate over the IPv6 protocol. You need to ensure that traffic can flow from the Instances to the Internet but not vice versa. How can you achieve this?

Answer options:

A.Change the Internet gateway only to allow outbound traffic for IPv6.
B.Change the Security Groups to not allow Inbound Traffic on the Instances.
C.Change the NACLs to not allow Inbound Traffic on the Instances.
D.Use an Egress only Internet gateway.

Answer – D
This is also given in the AWS Documentation.
IPv6 addresses are globally unique and are therefore public by default. If you want your instance to be able to access the Internet, but you want to prevent resources on the Internet from initiating communication with your instance, you can use an egress-only Internet gateway. To do this, create an egress-only Internet gateway in your VPC, and then add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 addresses to the egress-only Internet gateway. IPv6 traffic in the subnet that`s associated with the route table is routed to the egress-only Internet gateway.
Option A is invalid since there is no such option.
Options B and C are invalid since this is not the right way to limit traffic for IPv6 for such a requirement.
For more information on Egress only Internet gateway, please refer to the below URL
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/egress-only-internet-gateway.html