Is there a plan for SSM public endpoints to support IPv6?

0

Given the incoming charges for public IPv4 addresses: https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

And given that SSM currently only supports IPv4:

AWS Systems Manager must have IPv4 connectivity to Systems Manager’s endpoints. https://docs.aws.amazon.com/whitepapers/latest/ipv6-on-aws/ipv6-security-and-monitoring-considerations.html

https://stackoverflow.com/a/61340016/924597

Does anyone know if AWS has given any indication if there is a plan for SSM public endpoints to support IPv6?

Is it planned to be implemented before the new charges start being applied?

3 Answers
0

SSM can now be used on IPv6 only subnets. You simply need to enable the DNS64 option in the VPC, Subnet configuration. Here are steps to turn on DNS64:

  1. Navigate to the VPC console.
  2. Click on Virtual private cloud > Subnets in the left navigation panel
  3. In the Subnets view, select the desired IPv6 only subnet
  4. From the Actions menu on the top right, select Edit subnet settings.
  5. In the DNS64 settings:
    • Select Enable DNS64.
  6. Click Save.

The screenshot below shows an example of the desired settings: Edit subnet settings for DNS64

You will also need to ensure that outbound routing is also configured correctly. Complete these steps to enable these IPv6-only services to connect with IPv4-only services on the internet:

  1. Add the following routes to the route table of the subnet containing the IPv6-only workloads:
    • 64:ff9b::/96 route pointing to the NAT gateway. This will allow traffic from your IPv6-only workloads destined for IPv4-only services to be routed through the NAT gateway.
    • IPv6 ::/0 route pointing to the egress-only internet gateway (or the internet gateway).

Note that pointing ::/0 to the internet gateway will allow external IPv6 hosts (outside the VPC) to initiate connection over IPv6.

Note that you may need to redeploy any EC2 workloads that were previously launched in order for them to pick up the new network settings and for communications with SSM to be initiated.

For more information, see the following document:

AWS
answered 7 months ago
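
The routing described in the answer above, as an added example that is not part of the original answer: it shows how DNS64 maps an IPv4-only endpoint into 64:ff9b::/96 and checks a subnet route table for the two routes listed, including the internet gateway exposure noted above. The route tables and resource IDs are constructed samples, and the check assumes targets are identified by their `nat-`, `eigw-` and `igw-` ID prefixes.

```python
import ipaddress

NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")  # well-known prefix (RFC 6052)

def dns64_synthesize(ipv4):
    """Embed an IPv4 address in the low 32 bits of 64:ff9b::/96, as DNS64 does."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4))

def select_route(routes, dest):
    """Longest-prefix match over (cidr, target) pairs; None if nothing matches."""
    matches = [(ipaddress.ip_network(cidr), target) for cidr, target in routes
               if dest in ipaddress.ip_network(cidr)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def audit(routes):
    """Return findings for the route table of an IPv6-only subnet."""
    findings = []
    probe = dns64_synthesize("192.0.2.10")  # constructed IPv4-only destination
    hit = select_route(routes, probe)
    if hit is None:
        findings.append("no route for DNS64-synthesized addresses")
    elif not hit[1].startswith("nat-"):
        findings.append(f"64:ff9b::/96 traffic goes to {hit[1]}, not a NAT gateway")
    default = select_route(routes, ipaddress.IPv6Address("2001:db8::1"))
    if default is None:
        findings.append("no IPv6 default route")
    elif default[1].startswith("igw-"):
        findings.append("::/0 via internet gateway: inbound IPv6 connections possible")
    return findings

# Constructed route tables (placeholder resource IDs, not real ones).
GOOD = [("64:ff9b::/96", "nat-0example"), ("::/0", "eigw-0example")]
IGW = [("64:ff9b::/96", "nat-0example"), ("::/0", "igw-0example")]
MISSING = [("::/0", "eigw-0example")]

if __name__ == "__main__":
    print("192.0.2.10 is reached as", dns64_synthesize("192.0.2.10"))
    for name, table in (("GOOD", GOOD), ("IGW", IGW), ("MISSING", MISSING)):
        print(name, audit(table) or "ok")
```

In the `MISSING` table the synthesized address falls through to the `::/0` route and never reaches the NAT gateway, so the IPv4-only endpoint stays unreachable even with DNS64 enabled.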
0

As of March 7, 2024, none of the SSM endpoints provides an IPv6 response, so we're still waiting.

answered 2 months ago
-2

Hello.
As for SSM public endpoints, they are managed by AWS.
So I don't think it is included in the fee we users pay.
This time, what will be charged for is recognition of EC2, Elastic IP addresses, service-managed public IPv4 addresses (ELBs and NAT Gateways), and BYOIP addresses.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/identify-and-optimize-public-ipv4-address-usage-on-aws/

Also, I don't believe there has been any announcement yet that SSM Public Endpoints will support IPv6.
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html

EXPERT
answered 8 months ago
AWS
EXPERT
reviewed 8 months ago
  • As for SSM public endpoints, they are managed by AWS. So I don't think it is included in the fee we users pay.

    I didn't mean that we have to pay for SSM endpoints. I meant SSM endpoints don't work without public IPv4 connectivity - which we do have to pay for - that's what I'm asking about.

    Note that the aws-ipv6-support.html page doesn't mention SSM at all.

  • Sorry, I misread that. No announcement has yet been made that SSM's public endpoints will support IPv6.

  • Correct, no IPv6 re. AWS SSM yet
