i. Create a VPC with an IPv4 CIDR block and an Amazon-provided IPv6 CIDR block:
VPC_ID=$(aws ec2 create-vpc \
--cidr-block 10.0.0.0/24 \
--amazon-provided-ipv6-cidr-block \
--query 'Vpc.VpcId' \
--output text)
ii. Retrieve the IPv6 CIDR block and IPv4 CIDR block for the VPC:
Ipv6CidrBlock=$(aws ec2 describe-vpcs --vpc-ids $VPC_ID --query 'Vpcs[*].Ipv6CidrBlockAssociationSet[*].Ipv6CidrBlock' --output text)
Ipv6CidrBlockforDualStackSubnet="${Ipv6CidrBlock%/*}/64"
Ipv4CidrBlock=$(aws ec2 describe-vpcs --vpc-ids $VPC_ID --query 'Vpcs[*].CidrBlockAssociationSet[*].CidrBlock' --output text)
iii. Create a dual-stack subnet:
dualStackSubnetID=$(aws ec2 create-subnet \
--vpc-id $VPC_ID \
--cidr-block $Ipv4CidrBlock \
--ipv6-cidr-block $Ipv6CidrBlockforDualStackSubnet)
dualStackSubnetID=$(echo $dualStackSubnetID | jq -r '.Subnet.SubnetId')
vi. Create an internet gateway and attach it to the VPC:
internet_gateway_id=$(aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 attach-internet-gateway \
--internet-gateway-id $internet_gateway_id \
--vpc-id $VPC_ID
v. Retrieve the default route table of the newly created VPC and add routes for IPv4 and IPv6 traffic:
route_table_id=$(aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$VPC_ID" "Name=association.main,Values=true" --query "RouteTables[*].RouteTableId" --output text)
aws ec2 create-route --route-table-id $route_table_id --destination-cidr-block 0.0.0.0/0 --gateway-id $internet_gateway_id
aws ec2 create-route --route-table-id $route_table_id --destination-ipv6-cidr-block ::/0 --gateway-id $internet_gateway_id
vi. Launch an EC2 instance in the dual-stack subnet with both IPv4 and IPv6 addresses:
NOTE: Change the image ID ami-xxxxxx, replace <your_Key> with your desired key pair name, and replace <IPv6-only-subnet-id> with the subnet ID of the IPv6-only subnet you created in the last step.
aws ec2 run-instances --image-id ami-xxxxxx --count 1 --instance-type t3.micro --key-name <your_Key> --subnet-id $dualStackSubnetID --associate-public-ip-address --ipv6-address-count 1 --private-dns-name-options HostnameType=ip-name,EnableResourceNameDnsARecord=true,EnableResourceNameDnsAAAARecord=true
vii. Create an IPv6-only subnet in the same VPC using the AWS Management Console or AWS CLI.
viii. Once the IPv6-only subnet is created, use the subnet ID of the newly created IPv6-only subnet in the following command to launch an EC2 instance with only an IPv6 address:
NOTE: Change the image ID ami-xxxxxx , and replace <IPv6-only-subnet-id> with the subnet ID of the IPv6-only subnet you created in last setp.
aws ec2 run-instances --image-id ami-xxxxxx --count 1 --instance-type t3.micro --key-name <your_Key> --subnet-id <IPv6onlySubentIdHere> --ipv6-address-count 1 --private-dns-name-options HostnameType=resource-name,EnableResourceNameDnsARecord=false,EnableResourceNameDnsAAAARecord=true
After this entire process, allow the security group SSH from the dual-stack instance to the IPv6-only instance. Then, connect from your local instance to the dual-stack instance using IPv4, and from the dual-stack instance, connect to the IPv6-only instance using its IPv6 address. I assume you have uploaded the required key into the dual-stack instance to connect to the IPv6 instance.
NOTE: Here, we are using the dual-stack instance as a bastion host if your local network does not have proper IPv6 routing. If you have proper IPv6 routing, the dual-stack instance and subnet are not required; you can directly connect to the IPv6-only instance.
Top comments (0)