Is there a plan for SSM public endpoints to support IPv6?

0

Given the incoming charges for public IPv4 addresses: https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

And given that SSM currently only supports IPv4:

AWS Systems Manager must have IPv4 connectivity to Systems Manager’s endpoints. https://docs.aws.amazon.com/whitepapers/latest/ipv6-on-aws/ipv6-security-and-monitoring-considerations.html

https://stackoverflow.com/a/61340016/924597

Does anyone know if AWS has given any indication if there is a plan for SSM public endpoints to support IPv6?

Is it planned to be implemented before the new charges start being applied?

Shorn
asked 9 months ago · 1562 views
3 Answers
0

SSM can now be used on IPv6 only subnets. You simply need to enable the DNS64 option in the VPC, Subnet configuration. Here are steps to turn on DNS64:

  1. Navigate to the VPC console.
  2. Click on Virtual private cloud > Subnets in the left navigation panel
  3. In the Subnets view, select the desired IPv6 only subnet
  4. From the Actions menu on the top right, select Edit subnet settings.
  5. In the DNS64 settings:
    • Select Enable DNS64.
  6. Click Save.

The screenshot below shows an example of the desired settings: Edit subnet settings for DNS64

You will also need to ensure that outbound routing is also configured correctly. Complete these steps to enable these IPv6-only services to connect with IPv4-only services on the internet:

  1. Add the following routes to the route table of the subnet containing the IPv6-only workloads:
    • 64:ff9b::/96 route pointing to the NAT gateway. This will allow traffic from your IPv6-only workloads destined for IPv4-only services to be routed through the NAT gateway.
    • IPv6 ::/0 route pointing to the egress-only internet gateway (or the internet gateway).

Note that pointing ::/0 to the internet gateway will allow external IPv6 hosts (outside the VPC) to initiate connection over IPv6.

Note that you may need to redeploy any EC2 workloads that were previously launched in order for them to pick up the new network settings and for communications with SSM to be initiated.

For more information, see the following document:

AWS
answered 7 months ago
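
A check for the DNS64 and routing settings described in the answer above, written as an added example (not part of the original answer and not AWS code). It assumes subnet and route table data in the shape of the EC2 DescribeSubnets and DescribeRouteTables responses; the function names and all IDs are constructed placeholders.

```python
import ipaddress

NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")  # prefix named in the answer

def synthesize_aaaa(ipv4: str) -> str:
    """Address DNS64 hands back for an IPv4-only name: IPv4 bits placed inside 64:ff9b::/96."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | v4))

def audit_subnet(subnet: dict, route_table: dict) -> list:
    """Return findings for an IPv6-only subnet; an empty list means the answer's steps are in place."""
    findings = []
    if not subnet.get("EnableDns64"):
        findings.append("DNS64 is not enabled on the subnet")
    # Index IPv6 routes by destination; IPv4-only routes fall under the None key and are ignored.
    routes = {r.get("DestinationIpv6CidrBlock"): r for r in route_table.get("Routes", [])}
    nat64 = routes.get(str(NAT64_PREFIX))
    if nat64 is None or not nat64.get("NatGatewayId"):
        findings.append("no 64:ff9b::/96 route to a NAT gateway")
    default = routes.get("::/0")
    if default is None:
        findings.append("no ::/0 route")
    elif default.get("GatewayId", "").startswith("igw-"):
        # The caveat from the answer: external IPv6 hosts can initiate connections.
        findings.append("::/0 points to an internet gateway: inbound IPv6 is possible")
    elif not default.get("EgressOnlyInternetGatewayId"):
        findings.append("::/0 does not point to an egress-only internet gateway")
    return findings

# Constructed sample data (placeholder IDs), shaped like the EC2 API responses.
GOOD_SUBNET = {"SubnetId": "subnet-EXAMPLE", "Ipv6Native": True, "EnableDns64": True}
GOOD_ROUTES = {"Routes": [
    {"DestinationIpv6CidrBlock": "64:ff9b::/96", "NatGatewayId": "nat-EXAMPLE"},
    {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-EXAMPLE"},
]}
OPEN_ROUTES = {"Routes": [
    {"DestinationIpv6CidrBlock": "64:ff9b::/96", "NatGatewayId": "nat-EXAMPLE"},
    {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-EXAMPLE"},
]}

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for an IPv4-only endpoint.
    print("DNS64 answer for 192.0.2.10:", synthesize_aaaa("192.0.2.10"))
    print("good config:", audit_subnet(GOOD_SUBNET, GOOD_ROUTES))
    print("igw default route:", audit_subnet(GOOD_SUBNET, OPEN_ROUTES))
```

The synthesized address shows why the 64:ff9b::/96 route is required: every IPv4-only destination resolves into that prefix, so without the route the traffic never reaches the NAT gateway.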
0

As of March 7, 2024, none of the SSM endpoints provides an IPv6 response, so we're still waiting.

answered 2 months ago
-2

Hello.
As for SSM public endpoints, they are managed by AWS.
So I don't think it is included in the fee we users pay.
This time, what will be charged for is recognition of EC2, Elastic IP addresses, service-managed public IPv4 addresses (ELBs and NAT Gateways), and BYOIP addresses.
https://aws.amazon.com/jp/blogs/networking-and-content-delivery/identify-and-optimize-public-ipv4-address-usage-on-aws/

Also, I don't believe there has been any announcement yet that SSM Public Endpoints will support IPv6.
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html

EXPERT
answered 9 months ago
AWS
EXPERT
reviewed 9 months ago
  • As for SSM public endpoints, they are managed by AWS. So I don't think it is included in the fee we users pay.

    I didn't mean that we have to pay for SSM endpoints. I meant SSM endpoints don't work without public IPv4 connectivity - which we do have to pay for - that's what I'm asking about.

    Note that the aws-ipv6-support.html page doesn't mention SSM at all.

  • Sorry, I misread that. No announcement has yet been made that SSM's SSM public endpoints will support IPv6.

  • Correct, no IP v6 re. AWS SSM yet
