Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add complaints about API Gateway, ECR, Cloudfront, Lambda and the service API landscape in general #6

Merged
merged 6 commits into from
Sep 26, 2023
Merged

Add complaints about API Gateway, ECR, Cloudfront, Lambda and the service API landscape in general #6

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
bd5b97c
mecker mecker mecker
apparentorder Aug 30, 2023
506d7fe
update API Gateway: no IPv6 anywhere
apparentorder Aug 30, 2023
f3c537a
add note about App Runner VPC connector
apparentorder Aug 30, 2023
e639f5f
complain about Appsync too
apparentorder Aug 31, 2023
d740aa9
complain about clientVPN too
apparentorder Aug 31, 2023
1de0f14
fix typo: missing "not"
apparentorder Sep 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
10 changes: 8 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,11 @@ Now that AWS [is charging per IPv4 address](https://aws.amazon.com/blogs/aws/new
| Auto Scaling Groups | Auto Scaling Groups can only register/de-register instances to target groups via 'instance-id' and not 'ip-address', and 'instance-id' only supports IPv4 targets. |
| Systems Manager | The SSM Agent requires IPv4 access to Systems Manager endpoints in order to function |
| Kinesis/SQS | Examples of possible high volume AWS services, not supporting IPv6. Requiring you to make the trade of between paying $3.50 a month for every ec2 instance using it, or spawning a VPC endpoint at 10.5$ a month for every AZ and 0.01$ per GB. And do not forget to update all your code/config to use these new endpoints. |
| App Runner | No option to select IPv6. Defaults to IPv4. |

| App Runner | No option to select IPv6 for ingress. Defaults to IPv4. No support for IPv6 VPC connectors. |
| API Gateway | IPv4 only (for incoming requests; for HTTP proxy requests; for VPC links) |
| ECR (public and private) | No IPv6 endpoints to pull from, so you need IPv4 for your 17+ services that run containers |
| Cloudfront | Cannot pull from IPv6 origins, so your origin *must* be available via public IPv4 |
| AppSync | GraphQL endpoints are IPv4-only |
| ClientVPN | Currently the Client VPN service does not support routing IPv6 traffic through the VPN tunnel. |
| Lambda | Lambda's execution environment does not support IPv6 at all. Neither "naked" nor in-VPC Lambda function can connect to IPv6 targets, with [some customers even migrating away from Lambda](https://twitter.com/tim_nolet/status/1696206569090789416) |
| Almost all of them! | >90% of AWS service API endpoints to do not support IPv6 at all, so they cannot be used by AWS CLI, SDKs etc. from an IPv6-only VPC.<br>Some services support separate "dualstack" endpoints that require [special configuration](https://docs.aws.amazon.com/sdkref/latest/guide/feature-endpoints.html) (also known as Coward's Endpoints).<br>Some services support IPv6 only in select regions, like EC2.<br>Only 3% of service endpoints support True IPv6™ by default.<br>For a complete list, see [this map](https://awsipv6.neveragain.de). |