AWS Database Migration Service- Service endpoint is IPv4 only
- Replication instances can be dual stack
| 2/5 | 2023-08-03 |
AWS Fargate- Note: partially includes ECS, as this is an alternative for running ECS tasks
- ECS service endpoint is IPv4 only
- ECS service connect endpoint has AAAA records
- Fargate tasks can use an IPv6 address
| 3/5 | 2023-08-01 |
AWS Global Accelerator- Service endpoint is IPv4 only
- Accelerator can be dual stack, however the web console defaults to IPv4 only
- Accelerator can't be IPv6 only, forcing 2 IPv4 addresses to be used
| 2/5 | 2023-08-01 |
AWS Identity and Access Management (IAM)- Service endpoint is IPv4 only
- IAM policies support IPv6 where a service uses it
| 1/5 | 2023-08-02 |
AWS PrivateLink- Service endpoint is IPv6 in some regions only (uses EC2 endpoint)
- PrivateLink endpoint can be IPv4, dual stack, or IPv6 only
| 4/5 | 2023-08-05 |
AWS Secrets Manager- Service endpoints have AAAA records
| 4/5 | 2023-08-01 |
AWS Shield- Service endpoint is IPv4 only
- Supports IPv6 resources
| 3/5 | 2023-08-05 |
AWS Transit Gateway- Service endpoint is IPv6 in some regions only (uses EC2 endpoint)
- Supports IPv6 traffic
- Can't create a transit gateway attachment using IPv6-only subnets
| 3/5 | 2023-08-05 |
AWS VPN- Service endpoint is IPv6 in some regions only (uses EC2 endpoint)
- IPv6 traffic can be tunnelled inside a VPN
- VPN can be either IPv4 or IPv6 - not both
- Traffic is carried over IPv4
| 2/5 | 2023-08-05 |
AWS WAF- This refers to WAFv2
- Service endpoint is IPv4 only
- Support for filtering IPv6 traffic
| 3/5 | 2023-08-03 |
AWS WAF Regional- This refers to WAF Classic (now deprecated - WAFv2 is preferred)
- Service endpoint is IPv4 only
- Support for filtering IPv6 traffic, although CIDR filtering options are limited
| 2/5 | 2023-08-03 |
| AWS Well-Architected Tool | 2/5 | 2023-08-03 |
Amazon Athena- Service endpoints have AAAA records
- Private endpoints support IPv6
| 5/5 | 2023-08-01 |
Amazon CloudFront- Service endpoint is IPv4 only
- Distributions can be IPv6 enabled, this is defaulted to enabled in the web console
- Origin pull is IPv4 only, fetching data over IPv6 is unsupported
- CloudFront-Viewer-Address header is not enclosed in brackets
| 2/5 | 2023-08-01 |
Amazon ElastiCache- Service endpoint is IPv4 only
- Cache instances can be IPv4, dual stack, or IPv6 only
- Public IPv6 connectivity is not possible (and undocumented, although this would not follow best practice - there should be an option to enable it)
| 3/5 | 2023-08-02 |
Amazon Elastic Block Store (EBS)- Service endpoint is IPv6 all regions
- API to manage volumes and snapshots are part of the EC2 service endpoint, which has mixed IPv6 support
| 4/5 | 2023-08-01 |
Amazon Elastic Compute Cloud (EC2)- Service endpoint is IPv6 in some regions only
- EC2 instances can be allocated a public IPv6 address
- EC2 instances can be allocated a routed IPv6 subnet
- EC2 instances can't be allocated an IPv6 address and subnet simultaneously
- Good support for internal endpoints (IMDS, NTP, DNS)
- EC2 instances can be IPv6 only
| 3/5 | 2023-08-01 |
| Amazon Elastic Container Registry Public | 1/5 | 2023-08-01 |
Amazon Elastic Container Service (ECS)- ECS service endpoint is IPv4 only
- ECS service connect endpoint has AAAA records
- ECS tasks with awsvpc networking mode can get an IPv6 address
- ECS tasks with host networking mode can communicate over IPv6
- ECS tasks with host networking are not allocated an individual routed IPv6 address
| 2/5 | 2023-08-01 |
Amazon Macie- Service endpoint is IPv4 only
- Supports IPv6 addresses in personally identifiable information (PII)
| 2/5 | 2023-08-03 |
Amazon Relational Database Service (RDS)- Amazon RDS service endpoints have AAAA records
- Amazon RDS Performance Insights service endpoints have AAAA records
- Database instances have IPv6 support
- Can't enable public IPv4 when choosing dual stack
- IPv6 only subnets are not supported
- Public IPv6 connectivity is not supported
| 2/5 | 2023-08-01 |
Amazon Route 53- Service endpoint is IPv4 only
- DNS servers for hosted domains are dual stack
- Health checks can connect to IPv6 servers
| 3/5 | 2023-08-01 |
Amazon Route 53 Resolver- Service endpoint is IPv4 only
- Endpoint can be IPv4, IPv6 or dual stack
| 3/5 | 2023-08-01 |
Amazon Simple Storage Service (S3)- Service endpoints have AAAA records
- Buckets can be accessed over a specific dual stack hostname, rather than configuring a bucket to be dual stack
- S3 website endpoints are IPv4 only
- Private endpoints are IPv4 only
| 3/5 | 2023-08-03 |
Amazon Virtual Private Cloud (VPC)- Service endpoint is IPv4 only (uses EC2 service endpoint)
- VPC can be allocated a /56, with /64 allocated to zone subnets
- IPv6 is not enabled for default VPC, and is not a standard when creating a VPC in the webconsole
- Reachability analyser is IPv4 only for IP addresses
| 3/5 | 2023-08-03 |
Amazon WorkSpaces- Service endpoint is IPv4 only
- Workspace instances can use IPv6 traffic
- Workspace client does not support IPv6
| 2/5 | 2023-08-05 |
Elastic Load Balancing- Service endpoint is IPv4 only
- Load balancers have dual stack support
- Load balancers can't be IPv6 only, forcing users to have a public IPv4 address per availability zone
| 2/5 | 2023-08-01 |
Route53 Application Recovery Controller - Zonal Shift- Service endpoint is IPv4 only
- Has a readiness rule for IPv6 CIDR blocks
| 1/5 | 2023-08-03 |