How do I connect to AWS EC2 with IPv6 via SSH?

To connect to an AWS EC2 instance with IPv6 via SSH, you need to perform several steps:

  1. Create a VPC and subnets with IPv6 enabled.
  2. Launch an EC2 instance within the subnet.
  3. Assign an IPv6 address to the EC2 instance.
  4. Create a security group to allow SSH access.
  5. Generate or use an existing SSH key pair for authentication.

Below is a Pulumi program written in TypeScript that accomplishes these steps:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a new VPC with IPv6 support
const vpc = new aws.ec2.Vpc("myVpc", {
    cidrBlock: "10.0.0.0/16",
    assignGeneratedIpv6CidrBlock: true,
    tags: {
        Name: "my-vpc",
    },
});

// Create a subnet within the VPC with IPv6 support.
// The VPC's Amazon-provided IPv6 block is a /56 and a subnet needs a /64,
// so use the first /64 of that block.
const subnet = new aws.ec2.Subnet("mySubnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    ipv6CidrBlock: vpc.ipv6CidrBlock.apply(cidr => cidr.replace("/56", "/64")),
    mapPublicIpOnLaunch: true,
    tags: {
        Name: "my-subnet",
    },
});

// Create an Internet Gateway
const igw = new aws.ec2.InternetGateway("myIgw", {
    vpcId: vpc.id,
    tags: {
        Name: "my-igw",
    },
});

// Create a route table for the subnet
const routeTable = new aws.ec2.RouteTable("myRouteTable", {
    vpcId: vpc.id,
    routes: [
        {
            cidrBlock: "0.0.0.0/0",
            gatewayId: igw.id,
        },
        {
            ipv6CidrBlock: "::/0",
            gatewayId: igw.id,
        },
    ],
    tags: {
        Name: "my-route-table",
    },
});

// Associate the route table with the subnet
const routeTableAssociation = new aws.ec2.RouteTableAssociation("myRouteTableAssociation", {
    subnetId: subnet.id,
    routeTableId: routeTable.id,
});

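// Create a security group to allow SSH access.
// As written, port 22 is reachable from every IPv4 and IPv6 address; narrow both
// CIDR lists to your own address ranges for anything beyond a throwaway test.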
const securityGroup = new aws.ec2.SecurityGroup("mySecurityGroup", {
    vpcId: vpc.id,
    description: "Allow SSH access",
    ingress: [
        {
            protocol: "tcp",
            fromPort: 22,
            toPort: 22,
            cidrBlocks: ["0.0.0.0/0"],
            ipv6CidrBlocks: ["::/0"],
        },
    ],
    egress: [
        {
            protocol: "-1",
            fromPort: 0,
            toPort: 0,
            cidrBlocks: ["0.0.0.0/0"],
            ipv6CidrBlocks: ["::/0"],
        },
    ],
    tags: {
        Name: "my-security-group",
    },
});

// Create an SSH key pair
const keyPair = new aws.ec2.KeyPair("myKeyPair", {
    publicKey: "<YOUR_PUBLIC_SSH_KEY>",
});

// Launch an EC2 instance
const instance = new aws.ec2.Instance("myInstance", {
    instanceType: "t2.micro",
    ami: "ami-0c55b159cbfafe1f0", // Amazon Linux 2 AMI; AMI IDs are region-specific, so use one valid in your region
    subnetId: subnet.id,
    associatePublicIpAddress: true,
    ipv6AddressCount: 1,
    keyName: keyPair.keyName,
    vpcSecurityGroupIds: [securityGroup.id],
    tags: {
        Name: "my-instance",
    },
});

// Export the public IP and IPv6 address of the instance
export const publicIp = instance.publicIp;
export const ipv6Address = instance.ipv6Addresses.apply(ipv6 => ipv6[0]);

Explanation:

  1. VPC Creation: We create a VPC with IPv4 and IPv6 support.
  2. Subnet Creation: A subnet is created within the VPC, and it is assigned an IPv6 CIDR block.
  3. Internet Gateway: An Internet Gateway is created to allow internet access.
  4. Route Table: A route table is created and associated with the subnet to route IPv4 and IPv6 traffic.
  5. Security Group: A security group is created to allow SSH access (port 22) from any IPv4 or IPv6 address.
  6. Key Pair: An SSH key pair is created for authenticating SSH access.
  7. EC2 Instance: An EC2 instance is launched in the subnet with an IPv6 address.

You can use the publicIp and ipv6Address outputs to connect to your EC2 instance via SSH. Make sure to replace <YOUR_PUBLIC_SSH_KEY> with your actual SSH public key.
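
The security group in this program accepts SSH from 0.0.0.0/0 and ::/0. The check below is an added example, not part of the original answer or of Pulumi's code: it flags ingress rules that leave port 22 world-open on either address family, including alternative spellings of the IPv6 any-address. The IngressRule shape, the function names and the sample rules are assumptions that mirror the ingress entries used above.

```typescript
// Added example, not from the original answer. IngressRule is a hypothetical
// shape mirroring the ingress entries passed to aws.ec2.SecurityGroup.
interface IngressRule {
    protocol: string; // "tcp", "6", "-1" (all protocols), ...
    fromPort: number;
    toPort: number;
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
}

// A prefix length of 0 matches every address, however the base is spelled:
// "0.0.0.0/0", "::/0", "0::/0", "0:0:0:0:0:0:0:0/0".
function isAnyAddress(cidr: string): boolean {
    return /\/0+$/.test(cidr.trim());
}

// True when the rule admits TCP port 22.
function coversSsh(rule: IngressRule): boolean {
    if (rule.protocol === "-1") return true; // all protocols and ports
    const proto = rule.protocol.toLowerCase();
    if (proto !== "tcp" && proto !== "6") return false;
    return rule.fromPort <= 22 && rule.toPort >= 22;
}

// One finding per world-open source on a rule that reaches SSH.
function findOpenSsh(rules: IngressRule[]): string[] {
    const findings: string[] = [];
    rules.forEach((rule, i) => {
        if (!coversSsh(rule)) return;
        const sources = (rule.cidrBlocks ?? []).concat(rule.ipv6CidrBlocks ?? []);
        for (const cidr of sources) {
            if (isAnyAddress(cidr)) findings.push(`ingress[${i}]: SSH open to ${cidr}`);
        }
    });
    return findings;
}

// Constructed samples: the rule from the program above, and the same rule
// narrowed to single hosts in documentation address ranges.
const pageRule: IngressRule = {
    protocol: "tcp", fromPort: 22, toPort: 22,
    cidrBlocks: ["0.0.0.0/0"], ipv6CidrBlocks: ["::/0"],
};
const narrowedRule: IngressRule = {
    protocol: "tcp", fromPort: 22, toPort: 22,
    cidrBlocks: ["203.0.113.10/32"], ipv6CidrBlocks: ["2001:db8::10/128"],
};

console.log(findOpenSsh([pageRule, narrowedRule]));
```

The same function can run over the ingress list before it is handed to the security group, so a world-open SSH rule fails a pre-deploy test on both IPv4 and IPv6.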
