AWS announces private IPv6 addressing for VPCs and subnets
AWS announces the general availability of private IPv6 addressing for VPCs and subnets with Amazon VPC IP Address Manager (IPAM). On AWS, private IPv6 addresses can take the form of Unique Local IPv6 Unicast Addresses (ULA) and Global Unicast Addresses (GUA), and can only be used for private access. These IPv6 addresses are not and cannot be advertised to the internet by AWS. Within IPAM, customers can configure private IPv6 addresses in a private scope, provision ULA and GUA, and use them to create VPCs and subnets for private access.
Customers want private IPv6 address for the innate security boost it offers as resources using private IPv6 address cannot access the internet directly. It also provides assurance for compliance as customers can demonstrate that their resources with private IPv6 addresses are not internet accessible through a quick audit. These customers have no intention of directly routing traffic from these resources to the internet via AWS, and instead use proxies or network appliances for selective internet access via AWS, or route traffic through their on-premise network where the IPv6 address range is advertised to the internet. For such use cases, private IPv6 addressing helps simplify IP addressing and VPC network configuration in IPv6.
Private IPv6 addressing for VPCs and subnets is now available in all AWS commercial regions and AWS GovCloud (US) regions, in both Free Tier and Advanced Tier VPC IPAM. To learn more about IPv6 addressing type, see the blog and VPC documentation, and to get started, please see the IPAM documentation page.