How can I configure my IPv6 subnet as a private subnet?

Last updated: 2022-08-25

I want to set up my Amazon Virtual Private Cloud (Amazon VPC) and configure my IPv6 subnet to be a private subnet. How can I do this?

Short description

IPv4-only VPCs can use private subnets if there is no route to the internet gateway in the associated route table. IPv4-only private subnets can also use NAT gateways to allow access from private AWS resources to the internet.

In an Amazon VPC where IPv6 is activated, all the addresses associated with the instance are global unicast addresses. Therefore, they don't require a NAT gateway.

Note: Amazon VPCs don't support Elastic IP addresses for IPv6.

Resolution

Use an egress-only internet gateway to allow your IPv6 address to access the internet, without internet resources initiating communication with your instance.

  1. Create an egress-only internet gateway in your Amazon VPC.
  2. Add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 addresses to the egress-only internet gateway.

After completing these steps, IPv6 traffic in the subnet that is associated with the route table is routed to the egress-only internet gateway.