Creating Private Subnets with IPv6 with Egress-Only IGW

In this course, we will review some of the Internet Protocol version 4 (IPv4) features of Amazon VPCs. Then you will be presented with Internet Protocol version 6 (IPv6), its notation, and how to enable it for use with Amazon Virtual Private Clouds and EC2 instances.

Learning Objectives

Discuss IPv4 and IPv6, and how to configure IPv6 so that it is supported by Amazon VPCs and EC2 instances.

Intended Audience

This course is intended for architects and system operators looking to benefit from using IPv6 addressing with AWS resources. This course also covers some of the objectives for both the AWS Solutions Architect Professional and the AWS Networking Specialty certifications.


To get the most out of this course, you will need to meet the requirements for any of the AWS associate-level certifications or have the equivalent experience.

This course expects that you are familiar with the fundamentals of networking on AWS, including Amazon Virtual Private Clouds, public subnets, private subnets, and IPv4 as used by EC2 instances.


Creating private subnets with IPv6 with egress-only Internet gateway. The idea of a private subnet also needs to be discussed for IPv6. In the diagram, we see that for IPv4, every item on the public subnet is using a public address or an Elastic IP address. We also see a NAT gateway operating on behalf of the resources located in the private subnet, providing a one-way path to the public Internet: if the connection is initiated from the private subnet, the response will arrive back.

However, a connection from the outside into the private subnet is not possible. We discussed that for IPv6, all addresses are publicly addressable. So now we have a bit of an issue if we want to provision an IPv6 instance and keep it private. To resolve that situation, the egress-only Internet gateway is used. An egress-only Internet gateway lets IPv6 traffic out to the Internet when the connection is initiated from the private subnet. However, resources on the public Internet are prevented from initiating a connection to the IPv6 resources in your private subnet. It is important to keep in mind that when using IPv6, you also need to make the corresponding entries in route tables, security groups, and network access control lists.
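The distinction above (IPv4 private subnets hide behind a NAT gateway, while an IPv6 private subnet stays private only if its `::/0` route points at an egress-only Internet gateway rather than a full Internet gateway) can be checked against `aws ec2 describe-route-tables` output. The following audit script is an added example, not part of the course; the route-table JSON is constructed to mirror that command's shape, and every ID in it is a placeholder.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output,
# trimmed to the fields this check reads; every ID below is a made-up placeholder.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"},
                {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-placeholder"}]},
    {"RouteTableId": "rtb-priv-ok", "Associations": [{"SubnetId": "subnet-priv-ok"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"},
                {"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-placeholder"}]},
    {"RouteTableId": "rtb-priv-bad", "Associations": [{"SubnetId": "subnet-priv-bad"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"},
                {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-placeholder"}]},
]}


def default_route_target(rtb, ipv6):
    """Classify the gateway behind a route table's default route (IPv4 or IPv6)."""
    key, dest = (("DestinationIpv6CidrBlock", "::/0") if ipv6
                 else ("DestinationCidrBlock", "0.0.0.0/0"))
    for route in rtb.get("Routes", []):
        if route.get(key) != dest:
            continue
        if "EgressOnlyInternetGatewayId" in route:
            return "eigw"          # egress-only: outbound-initiated only
        if "NatGatewayId" in route:
            return "nat"           # IPv4 private-subnet pattern
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"           # full Internet gateway: reachable both ways
        return "other"             # VGW, peering, instance, etc.
    return "none"


def audit(describe_output):
    """Map each associated subnet to a verdict on its IPv6 exposure."""
    verdicts = {}
    for rtb in describe_output["RouteTables"]:
        v4 = default_route_target(rtb, ipv6=False)
        v6 = default_route_target(rtb, ipv6=True)
        if v4 != "nat":
            verdict = "public"               # IPv4 already reaches the IGW directly
        elif v6 == "igw":
            verdict = "private-exposed"      # GUAs reachable from the Internet
        elif v6 == "eigw":
            verdict = "private-ok"
        else:
            verdict = "private-no-ipv6-egress"
        for assoc in rtb.get("Associations", []):
            if "SubnetId" in assoc:          # skip the main-table association
                verdicts[assoc["SubnetId"]] = verdict
    return verdicts
```

Routing is only one of the three places the lesson lists: security groups and network ACLs also need explicit IPv6 entries, and this check does not look at them.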


About the Author
Jorge Negrón
AWS Content Architect

Experienced in the architecture and delivery of cloud-based solutions, the development and delivery of technical training, defining requirements and use cases, and validating architectures for results. Excellent leadership, communication, and presentation skills with attention to detail. Hands-on administration and development experience, with the ability to mentor and train on current and emerging technologies (Cloud, ML, IoT, Microservices, Big Data & Analytics).