Skip to content

An ongoing accounting of what AWS's service gaps are in their IPv6 coverage, specifically those that have economic impact.

License

Notifications You must be signed in to change notification settings

DuckbillGroup/aws-ipv6-gaps

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 

Repository files navigation

AWS Services That Do Not Support IPv6

Now that AWS is charging per IPv4 address as of February 2024, suddenly lack of IPv6 support has economic consequences for AWS customers. Thus, the reason for this page is to highlight IPv6 gaps across AWS's service offerings.

Service Corey's Commentary
VPC Reachability Analyzer Networks break; if you want to figure out why, you'd best be using an IPv4 stack. Even AWS doesn't know how to charge you to fix your IPv6 problems...
Load Balancers Yes, these support IPv6 in dual-stack configuration--but the price of each of these just went up by $3.50 a month for every AZ they have a listener hanging out within. Network Load Balancers don't listen on UDP if they're set to dual stack, Classic ELBs only support IPv6 if they're in the now-deprecated EC2 Classic, and Application Load Balancers seem... mostly okay? Gateway Load Balancers have no use case that I have discovered yet. Yes, I know, today almost nobody needs a pure IPv6 load balancer, but the future is coming.
Gateway Endpoints If you want the only two services that offer gateway endpoints in private Subnets (S3 and DynamoDB) to continue to not incur significant charges when passing through a Managed NAT Gateway, these things need to support IPv4 to get you there; in an IPv6 only environment you theoretically don't need these as NAT isn't a concern, but in dual-stack environments I feel like a lot of stuff is going to bias for the 4.5¢ per GB option rather than the free one.
EC2 Instance Connect EC2 Instance Connect doesn't support IPv6, full stop. That means that for this to work you've gotta use IPv4, and also get yourself into the privately-addressed range via VPN, Direct Connect, Arcane Prayers, etc.
Auto Scaling Groups Auto Scaling Groups can only register/de-register instances to target groups via 'instance-id' and not 'ip-address', and 'instance-id' only supports IPv4 targets.
Systems Manager The SSM Agent requires IPv4 access to Systems Manager endpoints in order to function
Kinesis/SQS Examples of possible high volume AWS services, not supporting IPv6. Requiring you to make the trade of between paying $3.50 a month for every ec2 instance using it, or spawning a VPC endpoint at $10.50 a month for every AZ and $0.01 per GB. And do not forget to update all your code/config to use these new endpoints.
App Runner No option to select IPv6. Defaults to IPv4.
Amazon EKS Security groups for Pods can't be used with clusters configured for the IPv6 family that contain Amazon EC2 nodes.
App Runner No option to select IPv6 for ingress. Defaults to IPv4. No support for IPv6 VPC connectors.
API Gateway IPv4 only (for incoming requests; for HTTP proxy requests; for VPC links)
ECR (public and private) No IPv6 endpoints to pull from, so you need IPv4 for your 17+ services that run containers
Cloudfront Cannot pull from IPv6 origins, so your origin must be available via public IPv4
AppSync GraphQL endpoints are IPv4-only
ClientVPN Currently the Client VPN service does not support routing IPv6 traffic through the VPN tunnel.
Lambda Lambda's execution environment does not support IPv6 at all. Neither "naked" nor in-VPC Lambda function can connect to IPv6 targets, with some customers even migrating away from Lambda
Almost all of them! >90% of AWS service API endpoints to do not support IPv6 at all, so they cannot be used by AWS CLI, SDKs etc. from an IPv6-only VPC.
Some services support separate "dualstack" endpoints that require special configuration (also known as Coward's Endpoints).
Some services support IPv6 only in select regions, like EC2.
Only 3% of service endpoints support True IPv6™ by default.
For a complete list, see this map.

About

An ongoing accounting of what AWS's service gaps are in their IPv6 coverage, specifically those that have economic impact.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published