# Document history
<a name="WhatsNew"></a>

The following table describes the important changes in each release of the *Amazon VPC User Guide*.

| Change | Description | Date | 
| --- |--- |--- |
| [VPC encryption controls](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-encryption-controls.html) | You can now enforce encryption in transit for network traffic within your VPC using VPC encryption controls. This feature provides centralized encryption policy enforcement and monitoring capabilities. | November 21, 2025 | 
| [Regional NAT gateways for automatic multi-AZ expansion](https://docs.amazonaws.cn/vpc/latest/userguide/nat-gateways-regional.html) | You can now use regional NAT gateways that automatically expand across Availability Zones based on your workload footprint. Regional NAT gateways provide simplified setup, enhanced security, and automatic high availability without manual intervention. | November 19, 2025 | 
| [Route inbound VPC traffic to public IP addresses](https://docs.amazonaws.cn/vpc/latest/userguide/igw-ingress-routing.html) | You can now configure advanced routing rules to direct inbound traffic from the internet to specific public IP addresses within your VPC, enabling more granular control over traffic flow and routing decisions for ingress scenarios. | August 13, 2025 | 
| [Dynamic routing in your VPC using Amazon VPC Route Server](https://docs.amazonaws.cn/vpc/latest/userguide/dynamic-routing-route-server.html) | Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads. | March 31, 2025 | 
| [Amazon managed policy update](https://docs.amazonaws.cn/vpc/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-updates) | Amazon VPC updated the AmazonVPCFullAccess and AmazonVPCReadOnlyAccess managed policies. | December 9, 2024 | 
| [Declarative policy support for VPC BPA](https://docs.amazonaws.cn//vpc/latest/userguide/security-vpc-bpa.html#security-vpc-bpa-exclusions-orgs) | If you are using Amazon Organizations to manage accounts in your organization, you can use a declarative policy to enforce VPC BPA on the accounts in the organization. | December 1, 2024 | 
| [VPC Block Public Access (BPA)](https://docs.amazonaws.cn//vpc/latest/userguide/security-vpc-bpa.html) | VPC Block public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. | November 19, 2024 | 
| [Shared Security Groups](https://docs.amazonaws.cn//vpc/latest/userguide/security-group-sharing.html) | This feature enables you to share a security group with other Amazon Organizations accounts. | October 30, 2024 | 
| [Security Group VPC Associations](https://docs.amazonaws.cn//vpc/latest/userguide/security-group-assoc.html) | This feature enables you to associate a security group with multiple VPCs in the same Region. | October 30, 2024 | 
| [NAT gateway MTU support](https://docs.amazonaws.cn//vpc/latest/userguide/nat-gateway-basics.html) | NAT gateways support traffic with a maximum transmission unit (MTU) of 8500. | September 10, 2024 | 
| [Private IPv6 addressing](https://docs.amazonaws.cn//vpc/latest/userguide/vpc-ip-addressing.html#vpc-ipv6-addresses-private) | Information about private IPv6 addressing was added. Private IPv6 addresses are only available in Amazon VPC IP Address Manager. | August 8, 2024 | 
| [IPv6 preferred lease time](https://docs.amazonaws.cn//vpc/latest/userguide/DHCPOptionSetConcepts.html) | You can now choose how frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. | February 20, 2024 | 
| [Guide structure review and improvements](#WhatsNew) | The structure of the guide was reviewed and improvements were made to improve the customer experience related to finding info for specific scenarios. | February 20, 2024 | 
| [Amazon managed policy update](https://docs.amazonaws.cn/vpc/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-updates) | Amazon VPC updated the AmazonVPCFullAccess and AmazonVPCReadOnlyAccess managed policies. | February 8, 2024 | 
| [Amazon managed policy update](https://docs.amazonaws.cn/vpc/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-updates) | Amazon VPC updated the AmazonVPCCrossAccountNetworkInterfaceOperations managed policy. | September 25, 2023 | 
| [EC2-Classic is deprecated](#WhatsNew) | With EC2-Classic, EC2 instances ran in a single, flat network shared with other customers. Amazon VPC replaces EC2-Classic. With Amazon VPC, your instances run in a virtual private cloud (VPC) that's logically isolated to your Amazon Web Services account. | July 31, 2023 | 
| [Add secondary IPv4 addresses to NAT gateways](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-edit-secondary) | You can add secondary private IPv4 addresses to public and private NAT gateways. Secondary IPv4 addresses increase the number of available ports, and therefore they increase the limit on the number of concurrent connections that your workloads can establish using a NAT gateway. | January 31, 2023 | 
| [Aligning with IAM best practices](#WhatsNew) | Updated guide to align with the IAM best practices. For more information, see [Security best practices in IAM](https://docs.amazonaws.cn//IAM/latest/UserGuide/best-practices.html). | January 4, 2023 | 
| [Pick the private IP address of your NAT gateway](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) | When you create a NAT gateway, you can now choose to pick the private IP address that's assigned to the NAT gateway. Previously, the private IP address was automatically assigned from the IP address range of the subnet. | November 17, 2022 | 
| [IPv6 default gateway router configuration](https://docs.amazonaws.cn/vpc/latest/userguide/configure-subnets.html#subnet-sizing) | Three IPv6 addresses are now reserved for use by the default VPC router. | November 11, 2022 | 
| [Transfer Elastic IP addresses](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro) | You can now transfer Elastic IP addresses from one Amazon account to another. | October 31, 2022 | 
| [Network Address Usage metrics](https://docs.amazonaws.cn/vpc/latest/userguide/network-address-usage.html) | You can enable Network Address Usage metrics for your VPC to help you plan for and monitor the size of your VPC. | October 4, 2022 | 
| [Publish Flow Logs to Amazon Data Firehose](https://docs.amazonaws.cn/vpc/latest/userguide/flow-logs-firehose.html) | You can specify a Amazon Data Firehose delivery stream as a destination for flow log data. | September 8, 2022 | 
| [NAT gateway bandwidth](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-basics) | NAT gateways now support bandwidth up to 100 Gbps (an increase from 45 Gbps) and can process up to ten million packets per second (up from four million packets). | June 15, 2022 | 
| [Multiple IPv6 CIDR blocks](#WhatsNew) | You can associate up to five IPv6 CIDR blocks to a VPC. | May 12, 2022 | 
| [Reorganization](#WhatsNew) | General reorganization of this Amazon Virtual Private Cloud User Guide. | January 2, 2022 | 
| [NAT gateway IPv6 to IPv4](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) | NAT gateway supports network address translation from IPv6 to IPv4, popularly known as NAT64. | November 24, 2021 | 
| [IPv6-only subnets in VPCs](https://docs.amazonaws.cn/vpc/latest/userguide/how-it-works.html#vpc-ip-addressing) | You can create IPv6-only subnets into which you can launch IPv6-only EC2 instances. | November 23, 2021 | 
| [VPC Flow Logs delivery options to Amazon S3](https://docs.amazonaws.cn/vpc/latest/userguide/flow-logs-s3.html) | You can specify the Apache Parquet log file format, hourly partitions, and Hive-compatible S3 prefixes. | October 13, 2021 | 
| [Amazon EC2 Global View](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/Using_Filtering.html#global-view) | Amazon EC2 Global View enables you to view VPCs, subnets, instances, security groups, and volumes across multiple Amazon Regions in a single console. | September 1, 2021 | 
| [More specific routes](#WhatsNew) | You can add a route to your route tables that is more specific than the local route. You can use more specific routes to redirect traffic between subnets within a VPC (East-West traffic) to a middlebox appliance. You can set the destination of a route to match an entire IPv4 or IPv6 CIDR block of a subnet in your VPC. | August 30, 2021 | 
| [Resource IDs and tagging support for security group rules](#WhatsNew) | You can refer to security group rules by resource ID. You can also add tags to your security group rules. | July 7, 2021 | 
| [Private NAT gateways](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html) | You can use a private NAT gateway for outbound-only private communication between VPCs or between a VPC and your on-premises network. | June 10, 2021 | 
| [Tag on create](#WhatsNew) | You can add tags when you create a VPC, DHCP options, internet gateway, egress-only gateway, network ACL, and security group. | June 30, 2020 | 
| [Managed prefix lists](https://docs.amazonaws.cn/vpc/latest/userguide/managed-prefix-lists.html) | You can create and manage a set of CIDR blocks in prefix list. | June 29, 2020 | 
| [Flow logs enhancements](https://docs.amazonaws.cn/vpc/latest/userguide/flow-logs.html) | New flow log fields are available, and you can specify a custom format for flow logs that publish to CloudWatch Logs. | May 4, 2020 | 
| [Tagging support for flow logs](https://docs.amazonaws.cn/vpc/latest/userguide/working-with-flow-logs.html#modify-tags-flow-logs) | You can add tags to your flow logs. | March 16, 2020 | 
| [Tag on NAT gateway creation](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) | You can add a tag when you create a NAT gateway. | March 9, 2020 | 
| [Maximum aggregation interval for flow logs](https://docs.amazonaws.cn/vpc/latest/userguide/flow-logs.html#flow-logs-aggregration-interval) | You can specify the maximum period of time during which a flow is captured and aggregated into a flow log record.  | February 4, 2020 | 
| [Network border group configuration](#WhatsNew) | You can configure network border groups for your VPCs from the Amazon VPC console. | January 22, 2020 | 
| [Gateway route tables](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_Route_Tables.html#gateway-route-table) | You can associate a route table with a gateway and route inbound VPC traffic to a specific network interface in your VPC. | December 3, 2019 | 
| [Flow logs enhancements](https://docs.amazonaws.cn/vpc/latest/userguide/flow-logs.html) | You can specify a custom format for your flow log and choose which fields to return in the flow log records. | September 11, 2019 | 
| [VPC Sharing](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-sharing.html) | You can share subnets that are in the same VPC with multiple accounts in the same Amazon organization. | November 27, 2018 | 
| [Create default subnet](https://docs.amazonaws.cn/vpc/latest/userguide/default-vpc.html#create-default-subnet) | You can create a default subnet in an Availability Zone that does not have one. | November 9, 2017 | 
| [Tagging support for NAT gateways](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-tagging) | You can tag your NAT gateway. | September 7, 2017 | 
| [Amazon CloudWatch metrics for NAT gateways](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway-cloudwatch.html) | You can view CloudWatch metrics for your NAT gateway.  | September 7, 2017 | 
| [Security group rule descriptions](https://docs.amazonaws.cn/vpc/latest/userguide/security-group-rules.html) | You can add descriptions to your security group rules. | August 31, 2017 | 
| [Secondary IPv4 CIDR blocks for your VPC](#WhatsNew) | You can add multiple IPv4 CIDR blocks to your VPC. | August 29, 2017 | 
| [Recover Elastic IP addresses](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-eips.html#WorkWithEIPs) | If you release an Elastic IP address, you might be able to recover it.  | August 11, 2017 | 
| [Create default VPC](https://docs.amazonaws.cn/vpc/latest/userguide/default-vpc.html#create-default-vpc) | You can create a new default VPC if you delete your existing default VPC. | July 27, 2017 | 
| [IPv6 support](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-ip-addressing.html) | You can associate an IPv6 CIDR block with your VPC and assign IPv6 addresses to resources in your VPC. | December 1, 2016 | 
| [DNS resolution support for non-RFC 1918 IP address ranges](#WhatsNew) | The Amazon DNS server can now resolve private DNS hostnames to private IP addresses for all address spaces. | October 24, 2016 | 
| [NAT gateways](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html) | You can create a NAT gateway in a public subnet and enable instances in a private subnet to initiate outbound traffic to the internet or other Amazon services. | December 17, 2015 | 
| [VPC flow logs](https://docs.amazonaws.cn/vpc/latest/userguide/flow-logs.html) | You can create a flow log to capture information about the IP traffic going to and from network interfaces in your VPC. | June 10, 2015 | 
| [ClassicLink](#WhatsNew) | You can use ClassicLink to link your EC2-Classic instance to a VPC in your account. You can associate VPC security groups with the EC2-Classic instance, enabling communication between your EC2-Classic instance and instances in your VPC using private IP addresses. | January 7, 2015 | 
| [Use private hosted zones](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-dns.html#vpc-private-hosted-zones) | You can access resources in your VPC using custom DNS domain names that you define in a private hosted zone in Route 53. | November 5, 2014 | 
| [Modify a subnet's public IP addressing attribute](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip) | You can modify the public IP addressing attribute of your subnet to indicate whether instances launched into that subnet should receive a public IP address.  | June 21, 2014 | 
| [Assigning a public IP address](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-ip-addressing.html#vpc-public-ip) | You can assign a public IP address to an instance during launch. | August 20, 2013 | 
| [Enabling DNS hostnames and disabling DNS resolution](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-dns.html) | You can modify VPC defaults and disable DNS resolution and enable DNS hostnames. | March 11, 2013 | 
| [VPC Everywhere](#WhatsNew) | Added support for VPC in five Amazon Regions, VPCs in multiple Availability Zones, multiple VPCs per Amazon account,and multiple VPN connections per VPC. | August 3, 2011 | 
| [Dedicated Instances](#WhatsNew) | Dedicated Instances are Amazon EC2 instances launched within your VPC that run hardware dedicated to a single customer. | March 27, 2011 |