Amazon VPC and Public Subnets

In this course, we will review some of the Internet Protocol version 4 (IPv4) features of Amazon VPCs. Then you will be introduced to Internet Protocol version 6 (IPv6), its notation, and how to enable it for use with Amazon Virtual Private Clouds and EC2 instances.

Learning Objectives

Discuss IPv4 and IPv6, and how to configure IPv6 so that it is supported by Amazon VPCs and EC2 instances.

Intended Audience

This course is intended for architects and system operators looking to benefit from using IPv6 addressing with AWS resources. This course also covers some of the objectives for both the Solutions Architect Professional and the AWS Advanced Networking Specialty certifications.


To get the most out of this course you will need to meet the requirements for any of the AWS associate level certifications or the equivalent experience.  

This course expects that you are familiar with the fundamentals of networking using AWS including Amazon Virtual Private Clouds, Public Subnets, Private Subnets, and IPv4 as used in EC2 Instances.  


Amazon VPC and Public Subnets Review. The first VPC we get to discuss is the default VPC. This represents a pre-fabricated VPC which permits you to experiment with networking and with EC2 instances without having to provision your own infrastructure. The default VPC is more than a convenience: it provides some of the basic parts of a VPC for us to review. We see that there is an internet gateway and a router with a public subnet route. For the default VPC, the assigned CIDR is always the same. Also, for the default VPC, there is a public subnet associated with each individual availability zone in the region, and the size of each of these subnets is a /20.

The process of how to create a public subnet is worth discussing. In the default VPC you will see a public subnet. A public subnet needs to be defined, and that involves a number of steps. Let's take it from the beginning. A VPC represents your own private space in the AWS cloud. To define a VPC, you need to provide a region, a name for the VPC, and an IPv4 CIDR block. The IPv4 CIDR is required; you can also choose to opt in and associate an IPv6 CIDR block with the VPC, in which case the VPC operates in dual-stack mode. IPv6-only VPCs are not available in AWS; only dual-stack VPCs are supported. After you create a VPC, you can move on to create an internet gateway and attach it to that VPC. For Amazon VPCs, the internet gateway provides access to the public internet, and it supports both IPv4 and IPv6 addresses.

The next step is to associate a route with the subnets that specifies the all-addresses CIDR for both IPv4 and IPv6 and assigns the internet gateway ID as the target to process that traffic. This makes things simpler, because the steps to create a public subnet are the same for both IPv4 and IPv6. You just need to remember to adjust your route tables, security groups, and network access control lists with the entries IPv6 requires. Let's look at some examples. If you choose to enable IPv6 and select the option 'Amazon-provided IPv6 CIDR block', AWS will automatically assign your VPC a CIDR block of the form /56, similar to those shown. For subnets and EC2 instances, there are IPv6-only options.

These are very useful options that improve the rate of adoption of IPv6-only workloads. The type of workload in need of an IPv6-only architecture could be a fleet of container applications that consume a large number of IP addresses, which the limited size of the IPv4 address space makes difficult to implement. In summary, dual-stack VPCs are a requirement. However, you can define an IPv6-only subnet if needed, with EC2 instances using IPv6 only, provided that they are of a Nitro-based instance type. When you create a subnet, you provide the VPC ID where you want the subnet. You then specify subnet settings like a name and an availability zone. An optional IPv4 CIDR can be specified as well, and you can specify whether to assign an IPv6 CIDR or not.

If you choose to use the IPv6 option for your subnets, whether in dual-stack or IPv6-only mode, you get to choose the last two hexadecimal digits of the subnet's CIDR. AWS automatically assigns the subnet an IPv6 CIDR of the form /64, similar to the ones shown below; in these addresses, you define the last two hexadecimal digits. Note that with IPv6, there is no need to plan for VPC or subnet sizing. The last detail regarding VPCs, subnets, and IPv6 is that you can always convert an existing IPv4 VPC to use IPv6 in dual-stack mode. This includes adding an IPv6 CIDR to the VPC and to a subnet. Then you can assign IPv6 addresses to existing EC2 instances.
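The route-table, security-group and subnet-CIDR points above lend themselves to a check. As an added example (not part of the course), the following Python uses constructed data in the shape of the EC2 API: it derives a subnet /64 from a VPC /56 and the two hex digits you choose, verifies that both default routes (0.0.0.0/0 and ::/0) target the internet gateway, and flags security-group rules whose IPv6 side is missing or broader than the IPv4 side. The VPC prefix, route table, rule set and the igw-0EXAMPLE id are all constructed values.

```python
import ipaddress

# Constructed sample data in the shape of the EC2 API (not from a real account).
VPC_IPV6_CIDR = "2600:1f18:0abc:de00::/56"  # Amazon-provided /56, as the course describes
PUBLIC_ROUTES = [  # public subnet route table; note the ::/0 -> igw route is missing
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0EXAMPLE"},
]
SG_INGRESS = [  # IpPermissions of the instance's security group
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

def subnet_ipv6_cidr(vpc_cidr, last_two_hex):
    """Derive the subnet /64 from the VPC /56 using the two hex digits chosen in the console."""
    vpc = ipaddress.IPv6Network(vpc_cidr)
    if vpc.prefixlen != 56:
        raise ValueError("VPC IPv6 CIDR must be a /56")
    offset = int(last_two_hex, 16)
    if not 0 <= offset <= 0xFF:
        raise ValueError("subnet selector must be two hex digits (00-ff)")
    # Bits 56-63 select the /64: shift the selector past the 64 interface-identifier bits.
    return str(ipaddress.IPv6Network((int(vpc.network_address) + (offset << 64), 64)))

def default_routes_to_igw(routes):
    """Report whether the IPv4 and IPv6 default routes each target an internet gateway."""
    status = {"0.0.0.0/0": False, "::/0": False}
    for r in routes:
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in status and r.get("GatewayId", "").startswith("igw-"):
            status[dest] = True
    return status

def ipv6_parity_issues(permissions):
    """Flag rules with no IPv6 source (they never match the instance's IPv6 address) or an IPv6 side broader than IPv4."""
    issues = []
    for p in permissions:
        key = (p["IpProtocol"], p.get("FromPort"), p.get("ToPort"))
        v4 = {r["CidrIp"] for r in p.get("IpRanges", [])}
        v6 = {r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])}
        if v4 and not v6:
            issues.append((key, "no IPv6 source range"))
        elif "::/0" in v6 and "0.0.0.0/0" not in v4:
            issues.append((key, "IPv6 side open to ::/0 while IPv4 side is restricted"))
    return issues
```

Against a real account, feed the functions the Routes list from describe-route-tables and the IpPermissions list from describe-security-groups.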

How do we get this done? First, you select your IPv4 VPC. Then, in the details panel, select CIDRs to examine its current configuration. From the 'Actions' menu you can select 'Edit CIDRs' to get a panel to configure the VPC CIDRs. There you can select 'Add new IPv6 CIDR'. Notice that the button to add a new IPv6 CIDR then becomes disabled, as you can only assign a single IPv6 CIDR to a VPC. Similarly, you can select your public IPv4 subnet and, under the 'Actions' menu, select 'Edit IPv6 CIDRs' to add an IPv6 CIDR to your subnet. Support for IPv6 in VPCs, subnets, and EC2 instances continues to increase as general adoption of IPv6 also continues to increase.


About the Author
Jorge Negrón
AWS Content Architect

Experienced in the architecture and delivery of cloud-based solutions, the development and delivery of technical training, defining requirements and use cases, and validating architectures for results. Excellent leadership, communication, and presentation skills with attention to detail. Hands-on administration/development experience with the ability to mentor and train in current and emerging technologies (Cloud, ML, IoT, Microservices, Big Data & Analytics).