EC2 Instances and IPv6. Now that the VPC and subnets are set up for IPv6, let's go over how to configure EC2 instances for the same. IPv6 is supported on all current generation EC2 instance types and the C3, R3, and I2  previous generation instance types. When you create an EC2 instance, if you select a subnet that is enabled for IPv6, you will also get an option on the EC2 instance creation where you can have the subnet auto-assign an IPv6 address.

When this is done, the address is associated with the primary network interface (eth0) of the instance. If you choose, you can disassociate the IPv6 address from the primary network interface. In terms of life cycle, an IPv6 address stays the same when you stop and start the instance. The IPv6 address is released when the instance is terminated. In this example, we launched two t3.micro instances and specified the IPv4 VPC enabled option in the configuration. We also specified for an IPv6 address to be auto assigned to each instance. Notice how we assigned the EC2SSM role to each instance in order for us to be able to use Systems Manager session manager to connect to the instances in a secure way without having to provision access keys or configure SSH. For details on how to use AWS systems manager, please take a look at our course on AWS systems manager listed on your screen. At this point, we take note of the IP addresses for each of the instances.

The IPv6 Dual Stack EC2 instance IPs are defined as listed below. From the Actions menu after selecting an instance, we select 'Connect', and this will start a session manager window in which we can execute commands in this instance terminal. Once connected to an instance, we can use ping6 followed by the IPv6 address of the corresponding pair to observe the response to the command. This verifies that IPv6 connectivity has been enabled and it's functional for the VPC, the subnet, and the EC2 instances.

If you have an IPv6 system configured at home, the routing table will also permit you to test using ping6 or a similar tool. You can add an IPv6 address to an existing instance  configured with IPv4 by selecting the instance and from the actions menu, you can select the 'Actions', 'Networking', and select 'Manage IP addresses'. This will allow you to configure an IPv6 address on the primary network interface for the instance.

You can launch EC2 instances built using the AWS Nitro system in IPv6-only subnets and have them use IPv6-only addressing. Private IPv4 addresses are not required to be assigned. This is an exception, not the norm, because the AWS Nitro system includes a card, a security chip, and a hypervisor that provides the performance equivalent to bare metal for most applications. This is useful if your application requires access to low level host hardware details that are not fully available in virtualized environments.

Licensing and compliance are common use cases. IPv6-only instances are assigned an IPv6 address using DHCP version 6 from the IPv6 set of the subnet. They can access EC2 Instance Metadata, Amazon Time Sync Service, and Route 53 Resolver over IPv6. The local addresses for the instances services in IPv6  use a prefix of fd00:ec2: followed by the rest of the address.

For example, the Time Sync Service is at address fd00:ec2::123. The EC2 Instance Metadata is divided into categories. For IPv4, we are familiar with the URI as shown. Notice the suffix /latest/meta-data/. The last forward slash is meaning because it is a reminder that the metadata represents a directory structure. The IPv6 equivalent is http://[fd00:ec2::254]/test/meta-data/. In both cases, the IP addresses are link-local addresses and are valid only from the instance.