Support IPv6 (dual stack) VPCs

[khalil-omer]

With the new public IP billing policy, my understanding of AWS best practice going forward for networking cost efficiency is to place the ALB in public subnets with an IPv4 address, and then place Fargate tasks in private subnets with dual stack enabled. As long as dual stack is also enabled at the VPC level and account level and as long as an egress only internet gateway is created at the VPC level, this allows tasks internet access without public IPs and without NAT gateways.

[dannyrandall]

Hey @khalil-omer! Thanks for bringing this up. I think it would be nice for Copilot to provide some way to enable IPv6 support, especially given the changing billing policy. My initial thought is that we may not be able to enable this architecture by default, as it would restrict egress to IPv6 services only - but it is definitely worth more thought.

Thanks again! I'll mark this as a feature request. For future people finding this issue with regards to IPv4 charges, Copilot supports placing your services in private subnets (no public IP) and will automatically create a NAT Gateway for you in that case. Just set vpc.placement: private in your service manifest!. Alternatively, using Request-Driven Web Services will also avoid public IP usage.

[Kylir]

Hello! Any news on that feature please? We paid quite a lot for the "public IPs" for our services last month. We don't want to create NAT Gateways... Thank you.

[iamhopaul123]

Hello @Kylir. I think using IPv6 also draws some availability concern. We have a reply which well summarizes the alternatives for this issue.