IPv6-Only ALB By Disabling ipv6.deny_all_igw_traffic


AWS does not support IPv6-only ALBs/NLBs; however, it does come extremely close to doing so, and at one point it might actually have supported them. In particular, if you provision a dual-stack load balancer with an internal scheme in a public subnet, it will allocate it a publicly routable IPv6 address. The only problem is that AWS started explicitly blocking IPv6 internet gateway traffic to load balancers, see here.

The underlying attribute is called ipv6.deny_all_igw_traffic. However, if you try to modify this attribute, the API returns an error saying that it can't be modified.

My question is therefore twofold:

  • What is the purpose of this attribute if you can't actually set it? Is it something only AWS support can set?
  • Is there a particular reason AWS doesn't let you modify this attribute?
asked 15 days ago, 230 views

1 Answer

Accepted Answer

What is the purpose of this attribute if you can't actually set it? Is it something only AWS support can set?

The ipv6.deny_all_igw_traffic attribute is designed to block or allow Internet Gateway (IGW) access to the load balancer. It plays a crucial role in managing how IPv6 traffic is handled in relation to your AWS environment. Specifically, this attribute is set to false for internet-facing load balancers, allowing them to communicate via the internet. Conversely, it is set to true for internal load balancers, thereby preventing any unintended access to these internal systems through an internet gateway.

ℹ️ Generally, it is preset based on the type of load balancer (internet-facing or internal) you configure, and it is not modifiable by the users directly through the AWS Management Console or API.


Is there a particular reason AWS doesn't let you modify this attribute?

I assume that AWS restricts direct user modification of the ipv6.deny_all_igw_traffic attribute to maintain standardized security and operational practices across their services. By controlling this setting based on the type of load balancer, internal or internet-facing, AWS ensures that unintended public access is prevented, safeguarding internal networks.

EXPERT
answered 15 days ago
  • But if it is just a proxy for the load balancer scheme, why make it an attribute at all? Especially given AWS is now charging for IPv4 addresses, it seems unfortunate to not be able to create an IPv6-only LB, and on the face of it the only issue is that this attribute does not appear to be user-configurable.

  • But if you use an internet-facing load balancer, you would be able to use the IPv6 protocol and configure a dual-stack network (both IPv4 & IPv6); you can read more about this here: Scaling the dual-stack network design in AWS

  • Currently, you can't exclusively use IPv6, but AWS is increasingly encouraging and moving towards IPv6 as the default option.

  • Currently, you can't exclusively use IPv6

    Yeah, this is the core of the problem: because you can't turn ipv6.deny_all_igw_traffic off, you can't provision a load balancer with only a publicly routable IPv6 address.

    But if you use an internet-facing load balancer, you would be able to use the IPv6 protocol and configure a dual-stack network (both IPv4 & IPv6); you can read more about this here

    Yes, but then you get IPv4 addresses, which cost almost 50% of the load balancer itself...

    but AWS is increasingly encouraging and moving towards IPv6 as the default option

    This would feel less disingenuous if their support for IPv6 wasn't so terrible; it's hard not to be cynical about their motivations for charging for IPv4 addresses when they don't provide the tools to actually not use them... Extremely few services work with IPv6.

  • You're right; currently, IPv6 cannot be used exclusively; a dual-stack approach is necessary. AWS is indeed encouraging a gradual shift from IPv4 to IPv6. As you might be aware, IPv4 addresses are becoming increasingly scarce, and the cost of acquiring a public IPv4 address has surged by over 300% in the past five years. This cost increase not only reflects AWS's expenses but also aims to promote more economical use of public IPv4 addresses among users. It encourages the adoption of IPv6 as part of modernization efforts and resource conservation. It appears likely that AWS will soon implement IPv6 protocols more extensively across its services.

    😌 I apologize for any complications that have arisen.
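As an added audit example (not code from this thread or from AWS), the following checks the invariant the accepted answer states, internet-facing → "false" and internal → "true", over dicts shaped like the ELBv2 describe_load_balancers() and describe_load_balancer_attributes() responses, and flags the question's scenario of an internal dual-stack load balancer in a public subnet. The set of public subnet IDs and all sample data are constructed assumptions.

```python
# Added audit example (not from the re:Post thread or AWS): verifies the
# ipv6.deny_all_igw_traffic invariant described in the accepted answer, using
# dicts shaped like ELBv2 describe_load_balancers() / describe_load_balancer_attributes()
# responses. All sample data below is constructed.
from dataclasses import dataclass

ATTR = "ipv6.deny_all_igw_traffic"
EXPECTED = {"internet-facing": "false", "internal": "true"}  # per the accepted answer


@dataclass
class Finding:
    arn: str
    severity: str
    message: str


def attr_value(attributes, key):
    """Return the value for `key` from an ELBv2 Attributes list, or None if absent."""
    return next((a.get("Value") for a in attributes if a.get("Key") == key), None)


def audit_load_balancer(lb, attributes, public_subnet_ids):
    """Audit one LB; `public_subnet_ids` (assumed input) are subnets routed to an IGW."""
    findings, arn = [], lb["LoadBalancerArn"]
    scheme, dualstack = lb.get("Scheme"), lb.get("IpAddressType") == "dualstack"
    deny = attr_value(attributes, ATTR)
    expected = EXPECTED.get(scheme)
    if expected is not None and deny not in (None, expected):
        # The thread says AWS fixes this by scheme; a mismatch means that assumption broke.
        findings.append(Finding(arn, "high", f"{ATTR}={deny} but scheme is {scheme}"))
    subnets = {az.get("SubnetId") for az in lb.get("AvailabilityZones", [])}
    exposed = sorted(subnets & public_subnet_ids)
    if scheme == "internal" and dualstack and exposed:
        # The question's scenario: globally routable IPv6 on an internal LB, where only
        # this attribute keeps it unreachable through the internet gateway.
        findings.append(Finding(arn, "medium", f"internal dual-stack LB in public subnets "
                                               f"{exposed}; IGW isolation relies on {ATTR}=true"))
    return findings


def run_sample():
    """Run the audit over constructed sample data; returns findings in input order."""
    public = {"subnet-pub-a"}
    samples = [
        ({"LoadBalancerArn": "arn:lb/internal-pub", "Scheme": "internal", "IpAddressType": "dualstack",
          "AvailabilityZones": [{"SubnetId": "subnet-pub-a"}]}, [{"Key": ATTR, "Value": "true"}]),
        ({"LoadBalancerArn": "arn:lb/public", "Scheme": "internet-facing", "IpAddressType": "dualstack",
          "AvailabilityZones": [{"SubnetId": "subnet-pub-a"}]}, [{"Key": ATTR, "Value": "false"}]),
        ({"LoadBalancerArn": "arn:lb/internal-drift", "Scheme": "internal", "IpAddressType": "dualstack",
          "AvailabilityZones": [{"SubnetId": "subnet-priv-a"}]}, [{"Key": ATTR, "Value": "false"}]),
    ]
    return [f for lb, attrs in samples for f in audit_load_balancer(lb, attrs, public)]
```

In a real account the two dicts would come from the boto3 elbv2 client's describe_load_balancers() and describe_load_balancer_attributes(LoadBalancerArn=...) calls, and the public-subnet set from the VPC route tables.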
