Associate an IPv6 Classless Inter-Domain Routing (CIDR) block with your Amazon Virtual Private Cloud (Amazon VPC). This can be an AWS-assigned CIDR, or part of a Bring Your Own IPv6 Addresses (BYOIPv6) pool.

Associate an egress-only internet gateway (EIGW) with the VPC. This is the target for the IPv6 default route of private dual stack subnets.

Compute resources in public dual stack subnets use the internet gateway for dual stack IPv4 and IPv6 internet connectivity. They can directly initiate outbound internet connections to, and accept inbound internet connections from, IPv4 and IPv6 hosts on the internet, using their associated Elastic IPv4 address or IPv6 addresses from the subnet CIDR. Note that security groups must allow both IPv4 and IPv6 traffic.

Resources in private dual stack subnets use the public NAT gateway in each Availability Zone for outbound IPv4 internet connectivity. The NAT gateway allows only outbound IPv4 connections to be opened from private Amazon Elastic Compute Cloud (Amazon EC2) instances to internet IPv4 destinations, and the associated return traffic.

The NAT gateways send the translated IPv4 packets to the internet gateway, which sends the traffic out to the internet, to the respective IPv4 destinations.

Resources in private dual stack subnets use the egress-only internet gateway for outbound IPv6 internet connectivity. The egress-only internet gateway allows only outbound IPv6 connections to be opened from private EC2 instances to internet IPv6 destinations, and the associated return traffic.
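
The routing design above can be checked mechanically. The following is an added example, not part of the original page: it audits a subnet tier's default routes against the targets described here (public: internet gateway for both families; private: NAT gateway for IPv4, egress-only internet gateway for IPv6). It assumes route entries shaped like the `Routes` list returned by EC2 `DescribeRouteTables`; the function names and all resource IDs are constructed for illustration.

```python
# Expected default-route targets per subnet tier, by resource-ID prefix.
EXPECTED = {
    "public": {"0.0.0.0/0": "igw-", "::/0": "igw-"},
    "private": {"0.0.0.0/0": "nat-", "::/0": "eigw-"},
}

def route_target(route):
    """Return the target ID of a route, whichever target field carries it."""
    for key in ("EgressOnlyInternetGatewayId", "NatGatewayId", "GatewayId"):
        if route.get(key):
            return route[key]
    return ""

def audit_route_table(tier, routes):
    """Return findings where a tier's default routes differ from the design."""
    defaults = {}
    for r in routes:
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in EXPECTED[tier]:
            defaults[dest] = route_target(r)
    findings = []
    for dest, prefix in EXPECTED[tier].items():
        target = defaults.get(dest)
        if target is None:
            findings.append(f"{tier}: no default route for {dest}")
        elif not target.startswith(prefix):
            findings.append(f"{tier}: {dest} -> {target}, expected {prefix}*")
    return findings

# Constructed sample route tables; every resource ID is a placeholder.
PRIVATE_OK = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1"},
    {"DestinationIpv6CidrBlock": "::/0",
     "EgressOnlyInternetGatewayId": "eigw-0example2"},
]
# Misconfiguration: the private IPv6 default route points at the internet
# gateway, which permits inbound IPv6 connections (subject to security groups).
PRIVATE_BAD = [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1"},
    {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example3"},
]

if __name__ == "__main__":
    for name, table in (("ok", PRIVATE_OK), ("bad", PRIVATE_BAD)):
        print(name, audit_route_table("private", table) or "matches design")
```

A private subnet whose `::/0` route targets the internet gateway instead of the egress-only internet gateway is the drift most worth alerting on, since it silently removes the outbound-only property for IPv6.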