CloudFront support for IPv6 origins

8

I have an EC2 instance that is an origin for a CloudFront distribution. The only connections that ever come into that server are from CloudFront. I am working on minimizing my usage of public IPv4 addresses but I can't get CloudFront to work with it when using IPv6.

What I tried:

  1. Updated my EC2 instance configuration to support IPv6.
  2. Updated EC2 security group configuration to allow IPv6 HTTP connections.
  3. Changed the DNS entry for the CloudFront origin from an IPv4 A record to an IPv6 AAAA record.
  4. Confirmed that the CloudFront distribution has IPv6 enabled.

Result:

  • From another EC2 instance with IPv6 enabled I can access the HTTP server on the IPv6 address and the AAAA DNS record.
  • However, CloudFront fails to connect to the origin when it is IPv6 only.
  • I used a new DNS name so caching of the old A address shouldn't be a problem but it has also been 24 hours and it still isn't working.

I can't find documentation that explicitly states it but this leads me to believe that while CloudFront does support IPv6 viewer connections, origins have to use a public IPv4 address. This is just for my little personal website so I'm trying to keep costs as low as possible and I'd like to avoid the upcoming additional charge for running a public IPv4 address 24/7/365 just for CloudFront to connect to.

Am I missing something and CloudFront does support IPv6 origins? If not, are there any plans to add IPv6 support to CloudFront origins?

2 Answers
2
Accepted Answer

The CloudFront service still does not support IPv6-only [+] and communicates with the origin using IPv4.

[+] https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html#ipv6-service-support

You will not be able to exclude IPv4 charges completely, as CloudFront needs to communicate with the origin via a public IPv4 address. Solutions like ELB or GA can optimize the charges by reducing the overall number of public IPv4 addresses used [+], but will not exclude those completely.

[+] https://aws.amazon.com/blogs/networking-and-content-delivery/identify-and-optimize-public-ipv4-address-usage-on-aws/

The only way to avoid billing for using IPv4 is to use BYOIP IPv4 addresses for public resources in the VPC [+]: You will not be charged for IP addresses that you own and bring to AWS using Amazon BYOIP.

[+] https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

Our service team is looking into supporting IPv6 requests to origin, but there is no specific date on when this feature will be launched yet. Regardless, we would like to thank you for making your needs known to us. You are making AWS better for all of our customers.

AWS
answered 6 months ago
AWS
EXPERT
reviewed 2 months ago
  • Can I please check what the status is with this? C'mon AWS, you force us to stop using IPv4 by adding charges and now we can't use your services with IPv6!

  • +1 on this Feature Request. With the new IPv4 charges, the cost of running nano-sized spot instances for public demo/dev purposes has DOUBLED.
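
A pre-flight check for the failure described in the question, added here as an example that is not part of the original thread and is not AWS code: it classifies an origin hostname by the address families it resolves to, so an AAAA-only origin is flagged before the DNS change reaches a distribution that connects to origins over IPv4. The hostnames and addresses are constructed (documentation ranges), and `sample_resolver` is a hypothetical offline stand-in for `socket.getaddrinfo`.

```python
import socket

def address_families(hostname, resolver=socket.getaddrinfo):
    """Return the set of address families ("ipv4", "ipv6") the name resolves to."""
    try:
        answers = resolver(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # the name has no usable A or AAAA record
    names = {socket.AF_INET: "ipv4", socket.AF_INET6: "ipv6"}
    return {names[a[0]] for a in answers if a[0] in names}

def origin_status(hostname, resolver=socket.getaddrinfo):
    """Classify an origin name by what an IPv4-only client could connect to."""
    families = address_families(hostname, resolver)
    if not families:
        return "unresolvable"
    if families == {"ipv6"}:
        return "ipv6-only"  # the failing case from the question
    return "dual-stack" if "ipv6" in families else "ipv4-only"

# Constructed sample data: hypothetical names, documentation address ranges.
SAMPLE_RECORDS = {
    "origin-v4.example.com": ["192.0.2.10"],
    "origin-v6.example.com": ["2001:db8::10"],
    "origin-dual.example.com": ["192.0.2.11", "2001:db8::11"],
}

def sample_resolver(hostname, port, proto=0):
    """Offline stand-in for socket.getaddrinfo, backed by SAMPLE_RECORDS."""
    if hostname not in SAMPLE_RECORDS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed: no such name")
    out = []
    for addr in SAMPLE_RECORDS[hostname]:
        fam = socket.AF_INET6 if ":" in addr else socket.AF_INET
        sockaddr = (addr, port, 0, 0) if fam == socket.AF_INET6 else (addr, port)
        out.append((fam, socket.SOCK_STREAM, proto, "", sockaddr))
    return out

if __name__ == "__main__":
    for name in list(SAMPLE_RECORDS) + ["missing.example.com"]:
        print(f"{name}: {origin_status(name, sample_resolver)}")
```

Calling `origin_status("your-origin-name")` without the second argument uses the system resolver instead of the constructed records.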

1

Is there any ETA for this feature we can get from the team?

Thomas
answered 9 days ago
