- Newest
- Most votes
- Most comments
SSM can now be used on IPv6 only subnets. You simply need to enable the DNS64 option in the VPC, Subnet configuration. Here are steps to turn on DNS64:
- Navigate to the VPC console.
- Click on Virtual private cloud > Subnets in the left navigation panel
- In the Subnets view, select the desired IPv6 only subnet
- From the Actions menu on the top right, select Edit subnet settings.
- In the DNS64 settings:.
- Select Enable DNS64.
- Click Save.
The screen shot below show an example of the desired settings:
You will also need to ensure that outbound routing is also configured correctly. Complete these steps to enable these IPv6-only services to connect with IPv4-only services on the internet:
- Add the following routes to the route table of the subnet containing the IPv6-only workloads:
- 64:ff9b::/96 route pointing to the NAT gateway. This will allow traffic from your IPv6-only workloads destined for IPv4-only services to be routed through the NAT gateway.
- IPv6 ::/0 route pointing to the egress-only internet gateway (or the internet gateway).
Note that pointing ::/0 to the internet gateway will allow external IPv6 hosts (outside the VPC) to initiate connection over IPv6.
Note that you may need to redeploy any EC2 workloads that were previously launched in order for them to pickup the new network settings and for communications with SSM to be initiated.
For more information, see the following document:
As of March 7, 2024, none of the SSM endpoints provides an IPv6 response, so we're still waiting.
Hello.
As for SSM public endpoints, they are managed by AWS.
So I don't think it is included in the fee we users pay.
This time, what will be charged for is recognition of EC2, Elastic IP addresses, service-managed public IPv4 addresses (ELBs and NAT Gateways), and BYOIP addresses.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/identify-and-optimize-public-ipv4-address-usage-on-aws/
Also, I don't believe there has been any announcement yet that SSM Public Endpoints will support IPv6.
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html
Relevant content
- Accepted Answerasked 3 months ago
- asked 6 months ago
- Accepted Answerasked a month ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a month ago
I didn't mean that we have to pay for SSM endpoints. I meant SSM endpoints don't work without public IPv4 connectivity - which we do have to pay for - that's what I'm asking about.
Note that the
aws-ipv6-support.html
page doesn't mention SSM at all.Sorry, I misread that. No announcement has yet been made that SSM's SSM public endpoints will support IPv6.
Correct, no IP v6 re. AWS SSM yet