I want to set up my Amazon Virtual Private Cloud (Amazon VPC), and need to know if IPv6 supports Elastic IP addresses and NAT Gateways. How can I configure my IPv6 subnet to be a private subnet?
IPv4-only VPCs can use private subnets if there is no route to the internet gateway in the associated route table. IPv4-only private subnets can also use NAT gateways to allow access from private AWS resources to the internet.
In an Amazon VPC where IPv6 is enabled, all the addresses associated with the instance are global unicast addresses, and therefore don't require a NAT gateway. NAT gateways are not supported for IPv6, and Amazon VPCs do not support Elastic IP addresses for IPv6.
If you want your IPv6 address to access the internet, but you don't want resources on the internet to initiate communication with your instance, you can use an egress-only internet gateway.
- Create an egress-only internet gateway in your Amazon VPC.
- Add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 addresses to the egress-only internet gateway.
After completing these steps, IPv6 traffic in the subnet that is associated with the route table is routed to the egress-only internet gateway.