How can I configure my IPv6 subnet as a private subnet?

2 minutos de lectura

I want to set up my Amazon Virtual Private Cloud (Amazon VPC) and configure my IPv6 subnet to be a private subnet.

Short description

IPv4-only VPCs can use private subnets if there is no route to the internet gateway in the associated route table. IPv4-only private subnets can also use NAT gateways to allow access from private AWS resources to the internet.

In an Amazon VPC where IPv6 is activated, all the addresses associated with the instance are global unicast addresses. Therefore, they don't require a NAT gateway.

Note: Amazon VPCs don't support Elastic IP addresses for IPv6.


Use an egress-only internet gateway to allow your IPv6 address to access the internet, without internet resources initiating communication with your instance.

1.    Create an egress-only internet gateway in your Amazon VPC.

2.    Add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 addresses to the egress-only internet gateway.

After completing these steps, IPv6 traffic in the subnet that is associated with the route table is routed to the egress-only internet gateway.

Related information

DNS64 and NAT64

VPC that supports IPv6 addressing

Create a dual-stack VPC and subnets using the AWS CLI

VPC with public and private subnets (NAT)

OFICIAL DE AWSActualizada hace 9 meses