HON’s Wiki # AWS

Home / Cloud

Contents

• General
• Networking (VPC etc.)
  • Security Groups
  • Add IPv6 Support
• EC2
  • General
  • Networking

General

• Note that almost everything is tied to some availability zone, so make sure your active zone is the correct one before making any changes.

Networking (VPC etc.)

Security Groups

• Remember to setup IPv6 rules too (typically mirroring the IPv4 ones).
• Typical DMZ setup: Allow everything from everywhere.
• Typical non-DMZ setup: Allow ICMPv4, ICMPv6 and SSH from everywhere.

Add IPv6 Support

1. Add an IPv6 prefix to the VPC:
   1. Find the VPC.
   2. Enter the “edit CIDRs” config page.
   3. Add an Amazon-managed IPv6 prefix.
2. Add a default gateway for the new prefix:
   1. Enter the “routing tables” page and find the table associated with the VPC.
   2. Click “edit routes”.
   3. Add a new route with destination ::/0 and the same internet gateway as for the IPv4 default route as the target.
3. Create a subnet from the IPv6 prefix:
   1. Enter the “subnets” page.
   2. (Optional) Delete the existing IPv4-only subnets (not possible if any resources are using them).
   3. Create a new dual-stack subnet for the VPC, with no name (optional), the same availability zone as the VM/resource to use it with. Select some IPv4 subnet (e.g. the first /24) and IPv6 subnet (e.g. add 00 to the templated subnet) from the VPC prefixes.

EC2

General

Networking

• Warning: The primary network interface of a VM can’t be changed after creation. Likewise, the “subnet” of an existing network interface can’t be changed. Make sure you assign the VM to the correct subnet (or network interface) during creation. (Required e.g. if you want IPv6 support.)
• For IPv6 support, see the warning above.

---

hon.one | HON95/wiki | Edit page