We all know we’d have to adopt IPV6 one day. So why not today?

I thought about this today, when I noticed my provider was so good to give my laptop an IPv6 address. So it starts making sense to get our website on IPv6 too. When even private individuals get IPv6 access, it’s just a matter of time before the corporates do 😉

There is enough documentation out there about what IPv6 is and why we ‘need’ it, so I won’t replicate any of that here. Now, the question is, how to get your site on IPv6?

At easytocloud, we use AWS CloudFront as a CDN (Content Delivery Network) for our website. CloudFront runs in AWS edge locations in a datacenter ‘near you’ where it caches (parts of) our site … AWS has around 80 edge locations worldwide, as opposed to about 16 Regions where you can host your stuff. The good thing is, CloudFront supports IPv6 right out of the box!

Our website runs in the eu-central-1 Region (Frankfurt) where we use an internet facing load balancer (ELB) to give web-access to our webserver(s) running in an autoscaling group within a private network. A security group limits access to the ELB to only CloudFormation edge locations.

In the private network, we of course use a private IP address range like There is no reason to use IPv6 in the private network as the individual webserver instances are not internet-facing by definition and the range is large enough to accommodate for our webserver-tier.

Potentially, one could give the internet facing load balancer IPv6 addresses. However, as we have put CloudFront in front of our ELB and CloudFront uses IPv4 only to connect from the edge locations to our ELB, there is again no need to put IPv6 here – yet.

We know CloudFront connects to our ELB using IPv4 (today) because AWS publishes the list of source IP addresses that you need to whitelist on your ELB in order to allow (only) CloudFront to connect to the ELB. You can find that list of addresses here and it doesn’t show IPv6 – at the day of writing this post. In a later post, I will disclose how you can update the security group fencing off the ELB automatically whenever AWS changes the list of IP addresses.

So, for now, all we need is to configure CloudFront to use IPv6, which is actually just a checkbox in the configuration.


Don’t forget to add the IPv6 records to your DNS. We use AWS Route53 where we added an IPv6 alias record for our CloudFront distribution. Alias records are similar to CNAME records with two major exceptions:

  • you can use an ALIAS record for the APEX (naked domain name – easytocloud.com),
  • an ALIAS record is solved inside R53, so your DNS clients gets an AAAA (IPv6) or A (IPv4) response.

With little more than a few mouse-clicks, you too can enable your site for IPv6.

The picture at the top of this article shows how our website is ready for IPv6 now, according to this site. It just took a few minutes to get there from the picture below: