How to avoid public IPv4 address

2

So I had the notification about charges for public IPv4 addresses and I've been thrashing around for ways to avoid the new cost.

Here's what I have now:

  1. A t4g.micro EC2 instance managed through Elastic Beanstalk
  2. The instance provides an external web interface
  3. The instance connects to other AWS services including DynamoDB and SES

Now it seems that:

  1. Elastic Beanstalk environments need internet access (creation fails on a VPC without an internet gateway)
  2. If I create an IPv6-only VPC, the instances will not be able to connect to all AWS services since many are not IPv6 enabled
  3. I looked at CloudFront but that communicates with origins using IPv4 only
  4. Any approach to connecting a private VPC to the internet and other AWS services (such as a NAT gateway) is considerably more expensive than keeping the public IPv4 address

So unless I am missing something, for this requirement there is no way to avoid the public IPv4 address and the associated charge. If so, disappointed that AWS does not provide a working migration path.

rde1
asked 6 months ago · 2017 views
3 Answers
1

I've done some more testing. It seems impossible to use Elastic Beanstalk without either a public IPv4 address or other more expensive solutions such as PrivateLink or NAT Gateways. You can set up gateway endpoints from an IPv6 VPC but these support S3 and DynamoDB only.

Any other hints, anyone?

rde1
answered 6 months ago
  • I have done a bit of research on the IPv4 charges and IPv6 on AWS, and I can say that you're absolutely right in all regards. There's no good way to fully avoid these charges. Especially on Beanstalk, which doesn't work with IPv6 at all.

    You might want to look at AWS App Runner. If it works for your use-case and your app can be containerized, this might be a way out. If you don't need VPC access, App Runner will provide IPv4 ingress and egress without IPv4 address charges, I believe.

0

AWS doesn't intend there to be a way to avoid this charge, they themselves say that the purpose of it is to try and dissuade IPv4 usage and drive IPv6 adoption https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

"intended to encourage you to be a bit more frugal with your use of public IPv4 addresses and to think about accelerating your adoption of IPv6"

I would imagine that pretty much everybody who posts on here will be affected by it one way or another, and as we get closer to February 1st the amount of discussion around it on here will increase.

EXPERT
Steve_M
answered 6 months ago
  • I'm using one public IPv4 address. I couldn't possibly be any more frugal, and without this my fully prepaid reserved instance would become functionally useless. Amazon need to include at least one free public IPv4 with each VPC.

0

Yes of course I understand that. My problem is that AWS is not providing what I need to fully adopt IPv6. Many AWS services are not IPv6 enabled so if I want to avoid a public EC2 IPv4 address I have to use a NAT gateway which is considerably more expensive.

I could avoid a public IPv4 address by using API Gateway with HTTP forwarding to an EC2 instance via a VPC link, but if the instance itself cannot access the AWS services it needs then that approach seems unworkable.

rde1
answered 6 months ago
