Bug Report: Incoming IPv6 traffic blocked after making changes to security group

0

I have a 't4g.small' EC2 instance running NGINX on 'Ubuntu-Jammy-22.04-arm64-server-20230919' (AMI ID: ami-03fd0aa14bd102718).

I have my VPC, subnet, route table, network ACL, security group, and internet gateway, all set up and working properly - my instance is reachable via HTTP/HTTPS/SSH over both IPv4 and IPv6. Life is good.

The problem arises whenever I make changes to my security group's inbound rules.

When removing SSH (port 22) access via IPv4 from my security group's inbound ruleset (only IPv6 allowed), everything still appears to work as expected. But the very next day, ALL incoming IPv6 traffic gets blocked, regardless of port (HTTP/HTTPS/SSH). IPv4 access still works.

During this downtime, the EC2 instance is able to 'ping6 ipv6.google.com' and get a response. If I spin up a new EC2 instance, it too exhibits the same IPv6 connectivity issue.

If I wait another day without making any changes to my security group, IPv6 becomes operational again - incoming IPv6 traffic is allowed.

I also see no difference in output between working / not working when running the linux commands:

ip -f inet6 address

ip -f inet6 route

Figured I'd report this odd behavior rather than ignore it.

Thank you for reading.

Pokey
Asked 5 months ago, 192 views
3 Answers
1

This is a community forum, I highly recommend you open a Support Case. If issues are not reported and tracked, they cannot be fixed.

https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

AWS
Expert
iBehr
Answered 5 months ago
  • Alas, I only have a 'Basic Support plan', and am not able to open a support case. It is what it is.

0
Accepted Answer

UPDATE: This turned out to be a PEBCAK issue.

My Windows 10 PC keeps losing its IPv6 address assignment, preventing me from accessing any IPv6 resources. Disabling and re-enabling my network adapter resolved my issue.

Sorry for the trouble.

Pokey
Answered 5 months ago
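
A way to separate the two failure modes seen in this thread (an inbound rule change versus a client that has lost its IPv6 address), added here as an example and not taken from any of the posts. The JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group ID, the addresses and the helper names `allows` and `ipv6_triage` are assumptions, and only CIDR rules are evaluated (not prefix lists, referenced groups or network ACLs).

```python
import ipaddress
import json

# Constructed sample mirroring the question: HTTP/HTTPS on both address
# families, SSH (22) reachable over IPv6 only. "sg-EXAMPLE" is a placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")


def allows(group, source, port, protocol="tcp"):
    """True if any inbound CIDR rule admits `source` (IPv4 or IPv6) on `port`."""
    addr = ipaddress.ip_address(source)
    key, field = (("Ipv6Ranges", "CidrIpv6") if addr.version == 6
                  else ("IpRanges", "CidrIp"))
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] == "-1":      # "all traffic" rule carries no ports
            port_ok = True
        elif perm["IpProtocol"] == protocol:
            port_ok = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            continue
        if port_ok and any(addr in ipaddress.ip_network(r[field])
                           for r in perm.get(key, [])):
            return True
    return False


def ipv6_triage(group, client_addrs, port):
    """Say whether an inbound IPv6 failure sits on the client or in the rules."""
    addrs = [ipaddress.ip_address(a) for a in client_addrs]
    # Link-local (fe80::/10) and loopback addresses cannot reach the instance.
    v6 = [a for a in addrs
          if a.version == 6 and not (a.is_link_local or a.is_loopback)]
    if not v6:
        return "client: no routable IPv6 address"
    if any(allows(group, str(a), port) for a in v6):
        return "rules allow this client"
    return "rules block this client"
```

Feed it the real output of `aws ec2 describe-security-groups --group-ids <id>` and the addresses currently assigned to the client's network adapter.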
0

Hi,

Maybe this can help: Windows behaves very strangely. Windows 10 requires the network to be set to Private, not Public, to keep IPv6 longer than the standard RADVD timeout. I've spent many hours sorting it out.

Thanks,

Answered 4 months ago
