Gateway Now Dual-Stack Supports (IPv4 and IPv6) endpoints | Amazon Web Services

Today we start support for the IPv6 for the Amazon API Gateway across all types of endpoints, own domains and management APIs, in all commercial and AWS govcloud (USA) regions. Now you can configure the REST, HTTP and WebSocet API and your own domains and receive calls from IPv6 customers along with existing IPv4 support. You can also call the API Gateway Management API from Dual-Stack customers (IPv6 and IPv4). Since Global Enfront IPv4 is dealing with deficiency and increasing costs, IPv6 implementation becomes critical for network infrastructure for the future. This approach with dual stack helps organizations to maintain future network compatibility and expand global reach. If you want to learn more about dualstack in Amazon Web Services (AWS), see IPv6 to AWS.

Creating new resources with dual stack

This post focuses on two ways of creating an API or a domain name with the type of IP address dualstack: AWS Management Console and AWS Cloud Development Kit (CDK).

Aws Console

When creating a new API or domain in the console, select IPv4 or dualstack (IPv4 and IPv6) for IP addresses.

As shown in the following figure, you can select DualStack when creating a new REST API.
For your own domain names, you can similarly configure dualstack as shown in the next picture.

If you only need to return to IPv4 for any reason, you can edit the IP address settings without moving the API to make the update reflected.

Rest API of all types of endpoints (marginal, regional and private) Dualstack support. Private API REST only supports DualStack configuration.

AWS CDK

With AWS CDK, start configure the API and the domain name Dual-Stack Rest.

const api = new apigateway.RestApi(this, "Api", {
  restApiName: "MyDualStackAPI",
  endpointConfiguration: {ipAddressType: "dualstack"}
});

const domain_name = new apigateway.DomainName(this, "DomainName", {
  regionalCertificateArn: 'arn:aws:acm:us-east-1:111122223333:certificate/a1b2c3d4-5678-90ab',
  domainName: 'dualstack.example.com',
  endpointConfiguration: {
    types: ('Regional'),
    ipAddressType: 'dualstack'
  },
  securityPolicy: 'TLS_1_2'
});

const basepathmapping = new apigateway.BasePathMapping(this, "BasePathMapping", {
  domainName: domain_name,
  restApi: api
});

IP and IPv6 authorization

When your API interface starts to receive IPv6, IPS customer resources will be in IPv6 format. If you are the policy policy, the Lambda or AWS identity and access management (IAM) policies that refer to the IP source addresses, make sure they are updated to suit IPv6 formats.

For example, permission to operate from a specific IPv6 range in the area of ​​resources.

{
  "Version": "2012-10-17",
  "Statement": (
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:stage-name/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": (
            "192.0.2.0/24",
            "2001:db8:1234::/48"
          )
        }
      }
    }
  )
}

Summary

Support API Gateway Dual-Stack helps manage IPv4 to solve deficiency and costs, in accordance with government and industrial mandates and prepa for the future of networks. Dualstack implementation provides a smooth transition path by supporting IPv4 and IPv6 customers at the same time.

To start supporting the Gateway Dual-Stack API, visit the Amazon API Gateway Documentation. You can configure the dualstack for the new API or update the existing API with a minimum configuration change.

–Betty

Special thanks to Ellie Frank (Elliesf), Anjali Gola (Anjaligl) and Pranica to Kakkara (pranika) for providing resources, answering questions and offering valuable feedback during the writing process. This blog contribution was made possible through support for cooperation between service and product management teams.

How’s the Blog of news? Take this 1 minute survey!

(This survey is hosted by an external company. AWS processes your information as described in the AWS Privacy Notice. AWS will own data collected via this survey and will not share information with dew survey.)