Example: Enable IPv6 in a VPC with a public and private subnet - Amazon Virtual Private Cloud


In this example, your VPC has a public and a private subnet. You have a database instance in your private subnet that has outbound communication with the internet through a NAT gateway in your VPC. You have a public-facing web server in your public subnet that has internet access through the internet gateway. The following diagram represents the architecture of your VPC.

Diagram: A VPC with a public subnet, a private subnet, a NAT gateway, and an internet gateway.

The security group for your web server (for example, with the security group ID sg-11aa22bb11aa22bb1) has the following inbound rules:

| Type | Protocol | Port range | Source | Comment |
|---|---|---|---|---|
| All traffic | All | All | sg-33cc44dd33cc44dd3 | Allows inbound access for all traffic from instances associated with sg-33cc44dd33cc44dd3 (the database instance). |
| HTTP | TCP | 80 | 0.0.0.0/0 | Allows inbound traffic from the internet over HTTP. |
| HTTPS | TCP | 443 | 0.0.0.0/0 | Allows inbound traffic from the internet over HTTPS. |
| SSH | TCP | 22 | 203.0.113.123/32 | Allows inbound SSH access from your local computer; for example, when you need to connect to your instance to perform administration tasks. |

The security group for your database instance (for example, with the security group ID sg-33cc44dd33cc44dd3) has the following inbound rule:

| Type | Protocol | Port range | Source | Comment |
|---|---|---|---|---|
| MySQL | TCP | 3306 | sg-11aa22bb11aa22bb1 | Allows inbound access for MySQL traffic from instances associated with sg-11aa22bb11aa22bb1 (the web server instance). |

Both security groups have the default outbound rule that allows all outbound IPv4 traffic, and no other outbound rules.

Your web server is a t2.medium instance type. Your database server is an m3.large.

You want your VPC and resources to be enabled for IPv6, and you want them to operate in dual-stack mode; in other words, you want to use both IPv6 and IPv4 addressing between resources in your VPC and resources over the internet.
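
The following check is an added example, not part of the AWS documentation: it lists every IPv4 CIDR rule in the two security groups above that has no IPv6 counterpart, which is the set of rules a dual-stack migration has to review. The rule data is constructed from the tables on this page in the shape of the EC2 DescribeSecurityGroups response; the helper names `perm` and `ipv6_gaps` are illustrative.

```python
import ipaddress

# Constructed sample: the two groups from the tables above, in the shape of the
# EC2 DescribeSecurityGroups response (IpPermissions / IpPermissionsEgress).
def perm(proto, port, v4=(), v6=(), groups=()):
    p = {"IpProtocol": proto,
         "IpRanges": [{"CidrIp": c} for c in v4],
         "Ipv6Ranges": [{"CidrIpv6": c} for c in v6],
         "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if port is not None:
        p["FromPort"] = p["ToPort"] = port
    return p

WEB, DB = "sg-11aa22bb11aa22bb1", "sg-33cc44dd33cc44dd3"
ALL_V4_EGRESS = [perm("-1", None, v4=["0.0.0.0/0"])]  # default outbound rule
GROUPS = [
    {"GroupId": WEB, "IpPermissionsEgress": ALL_V4_EGRESS, "IpPermissions": [
        perm("-1", None, groups=[DB]),
        perm("tcp", 80, v4=["0.0.0.0/0"]),
        perm("tcp", 443, v4=["0.0.0.0/0"]),
        perm("tcp", 22, v4=["203.0.113.123/32"])]},
    {"GroupId": DB, "IpPermissionsEgress": ALL_V4_EGRESS, "IpPermissions": [
        perm("tcp", 3306, groups=[WEB])]},
]

def ipv6_gaps(groups):
    """Return (group, direction, protocol, port, ipv4_cidr, note) for every
    IPv4 CIDR rule whose permission entry carries no IPv6 range."""
    gaps = []
    for g in groups:
        for direction, key in (("inbound", "IpPermissions"),
                               ("outbound", "IpPermissionsEgress")):
            for p in g.get(key, []):
                if p.get("Ipv6Ranges"):
                    continue  # an IPv6 range already exists for this protocol/port
                # Rules that only reference a security group have no IpRanges
                # and therefore produce no entries here.
                for r in p.get("IpRanges", []):
                    net = ipaddress.ip_network(r["CidrIp"])
                    note = ("candidate ::/0" if net.prefixlen == 0
                            else "needs the peer's own IPv6 range")
                    gaps.append((g["GroupId"], direction, p["IpProtocol"],
                                 p.get("FromPort"), r["CidrIp"], note))
    return gaps

if __name__ == "__main__":
    for gap in ipv6_gaps(GROUPS):
        print(*gap, sep="  ")
```

The same function accepts the `SecurityGroups` list from a real `describe-security-groups` call, so the review can be repeated after the rules are updated.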