Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

CloudFront support for IPv6 origins

15

I have an EC2 instance that is an origin for a CloudFront distribution. The only connections that ever come into that server are from CloudFront. I am working on minimizing my usage of public IPv4 addresses but I can't get CloudFront to work with it when using IPv6.

What I tried:

  1. Updated my EC2 instance configuration to support IPv6.
  2. Updated EC2 security group configuration to allow IPv6 HTTP connections.
  3. Changed the DNS entry for the CloudFront origin from an IPv4 A record to an IPv6 AAAA record.
  4. Confirmed that the CloudFront distribution has IPv6 enabled.

Result:

  • From another EC2 instance with IPv6 enabled I can access the HTTP server on the IPv6 address and the AAAA DNS record.
  • However, CloudFront fails to connect to the origin when it is IPv6 only.
  • I used a new DNS name so caching of the old A address shouldn't be a problem but it has also been 24 hours and it still isn't working.

I can't find documentation that explicitly states it but this leads me to believe that while CloudFront does support IPv6 viewer connections, origins have to use a public IPv4 address. This is just for my little personal website so I'm trying to keep costs as low as possible and I'd like to avoid the upcoming additional charge for running a public IPv4 address 24/7/365 just for CloudFront to connect to.

Am I missing something and CloudFront does support IPv6 origins? If not is there any plans to add IPv6 support to CloudFront origins?

Topics
ComputeNetworking & Content Delivery
Tags
Amazon CloudFrontAmazon EC2Networking & Content DeliveryIPv6
Language
English
asked 2 years ago6.9K views
11 Answers
10

Is there any ETA for this feature we can get from the team?

answered 2 years ago
  • Urda
    a year ago

    This really needs prioritization since AWS has started forcing IPv4 charges on to us.

  • Urda
    a year ago

    I recommend cutting a support ticket requesting this in your impacted accounts.

  • Urda
    a year ago

    I still cannot believe AWS forced IPv4 pricing without supporting IPv6 across their full stack. Asked support again about IPv6 and just said it is "coming".

7

This makes the IPv4 charge seem more like a money-grab than an actual attempt at reducing the use of IPv4. Come on, Amazon, I started with you years ago because you were the best value. You've started making more decisions that are increasing my bills without me having any recourse.

answered 2 years ago
5
Accepted Answer

CloudFront service still does not support IPv6 only [+] and communicate with the Origin using IPv4.

[+] https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html#ipv6-service-support

You will not be able to exclude IPv4 charges completely, as CloudFront needs to communicate to the Origin via public IPv4-address and the solutions like ELB or GA can optimize the charges by reducing the overall number of used public IPv4 [+] but will not exclude those completely.

[+] https://aws.amazon.com/blogs/networking-and-content-delivery/identify-and-optimize-public-ipv4-address-usage-on-aws/

The only way to avoid billing for using IPv4 - use BYOIP IPv4 addresses for public resources in VPC [+]: You will not be charged for IP addresses that you own and bring to AWS using Amazon BYOIP.

[+] https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

Our service team is looking into supporting IPv6 requests to origin, but there is no specific date on when this feature will be launched yet. Regardless, we would like to thank you for making your needs known to us. You are making AWS better for all of our customers.

AWS
EXPERT
answered 2 years ago
AWS
EXPERT
reviewed 2 years ago
  • Tom
    2 years ago

    Can I please check what the status is with this? Cmon AWS, you force us to stop using IPv4 by adding charges and now we can't use your services with ipv6!

  • AlexR
    2 years ago

    +1 on this Feature Request. With the new IPv4 charges, the cost of running nano-sized spot instances for public demo/dev purposes has DOUBLED.

  • realtebo
    2 years ago

    please, keep efforts on this. we need do remove as much as possible public ipv4!

  • Jesper
    a year ago

    Are there any timeline or roadmap on this feature? This will allow me to remove my elastic IPs and cut costs with 25%.

2

Amazon CloudFront now supports IPv6 origins for end-to-end IPv6 delivery
https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-now-supports-ipv6-origins-for-end-to-end-ipv6-delivery/

AWS
answered 3 months ago
AWS
EXPERT
reviewed 3 months ago
1

Here we go - not always the solution for IPv6 origins, but at least you can now use the brand new feature called 'VPC origins': https://aws.amazon.com/blogs/aws/introducing-amazon-cloudfront-vpc-origins-enhanced-security-and-streamlined-operations-for-your-applications/

So you can now declare an EC2 instance as a private resource to your Cloudfront distro and use that over private networking so you can change your EC2 from IPv4 to IPv6 now - bingo!

Let me know if you have any questions.

answered a year ago
  • AlexR
    a year ago

    VPC Origins unfortunately lacks Cloud Formation support.

  • jonb
    a year ago

    It also lacks Lambda@Edge support.

1

It's really need to be prioritised. The competitors like Cloudflare support IPv6-only origins probably since a few years and having no such feature in AWS CloudFront is very disappointing, especially if AWS blames the lack of IPv4 addresses and charges for their usage.

answered a year ago
1

IPV4 is Now Money Making service of AWS. Their own services are not supporting ipv6, then why are they charging for ipv4.

answered a year ago
1

The feature is now supported. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-enable-ipv6.html

AWS
answered 3 months ago
0

Why is this still not possible, but AWS also doesn't mind forcing the charge down to us while also spending their resources on just a UI update on the console?

answered a year ago
0

The VPC origins is still insufficient. Mainly for me, it does not support Lambda@Edge functions. Is it really that hard for CloudFront to interface with a public IPv6 load balancer? VPC origins are a nice feature but they do not address the issue here. Again, this is extremely hypocritical of AWS to say they are forcing us to reduce our IPv4 usage when they themselves can't even handle IPv6.

answered a year ago
0

Amazon CloudFront now supports IPv6-only and dual-stack origins. https://aws.amazon.com/about-aws/whats-new/2025/09/amazon-cloudfront-ipv6-origins/

AWS
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content