Amazon Web Services has added IPv6 support to IAM Identity Center through new dual-stack endpoints. The update allows identity services to operate over IPv6 networks while continuing to support IPv4. The change applies to access portals, managed applications, and service APIs that use dual-stack domain names capable of accepting both IPv4 and IPv6 connections.
Transition from IPv4-only to dual-stack endpoints (Source: AWS)
Dual-stack endpoints for workforce access
Existing IPv4 endpoints remain available. Clients connect using IPv4, IPv6, or both, depending on operating system and network configuration. Workforce users who need IPv6 access must use the new dual-stack endpoints. Organizations that rely on an external identity provider must also update IdP settings so authentication traffic reaches the dual-stack endpoints.
Requirements for enabling IPv6 access
IPv6 access requires an existing IAM Identity Center instance, IPv6-capable clients and networks, and firewall or gateway rules that allow IPv6 traffic. External identity provider configurations must be updated so both authentication and provisioning requests use dual-stack endpoints.
New endpoints for users and administrators
IAM Identity Center now provides dual-stack URLs for both user access and administrative operations. Workforce users authenticate through a dual-stack access portal URL that supports IPv4 and IPv6 connections. Administrators use separate dual-stack service endpoints for tasks such as managing users, groups, and permissions. These endpoints are listed in the IAM Identity Center settings in the AWS Management Console and use domain names ending in api.aws.
Sharing these URLs allows users and administrators to connect over IPv4 or IPv6 based on their network environment.
Visibility through audit logs
IAM Identity Center records dual-stack endpoint usage in AWS CloudTrail logs. These logs show when clients connect through dual-stack endpoints, providing visibility into IPv6 adoption within the environment.
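One way to measure that adoption from exported CloudTrail records, as an added example that is not AWS's or the article's own code: it groups Identity Center events by the endpoint type the client addressed and by source address family. It assumes the requested hostname is present in the record's tlsDetails.clientProvidedHostHeader field and that the events of interest carry the event source sso.amazonaws.com; the sample records, hostnames and addresses are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed sample records; hostnames and addresses are placeholders.
SAMPLE_RECORDS = [
    {"eventSource": "sso.amazonaws.com", "eventName": "ListInstances",
     "sourceIPAddress": "2001:db8::10",
     "tlsDetails": {"clientProvidedHostHeader": "placeholder.us-east-1.api.aws"}},
    {"eventSource": "sso.amazonaws.com", "eventName": "ListInstances",
     "sourceIPAddress": "198.51.100.7",
     "tlsDetails": {"clientProvidedHostHeader": "placeholder.us-east-1.api.aws"}},
    {"eventSource": "sso.amazonaws.com", "eventName": "ListInstances",
     "sourceIPAddress": "203.0.113.9",
     "tlsDetails": {"clientProvidedHostHeader": "placeholder.us-east-1.amazonaws.com"}},
    # Call made by an AWS service: no IP literal and no tlsDetails block.
    {"eventSource": "sso.amazonaws.com", "eventName": "ListInstances",
     "sourceIPAddress": "cloudformation.amazonaws.com"},
    # Unrelated service, must be ignored.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "2001:db8::99"},
]

# Assumption: extend with any other event sources used in your environment.
IDENTITY_CENTER_SOURCES = {"sso.amazonaws.com"}

def ip_family(value):
    """Return 'ipv4', 'ipv6', or 'non-ip' when the field holds a service name."""
    try:
        return f"ipv{ipaddress.ip_address(value).version}"
    except ValueError:
        return "non-ip"

def endpoint_kind(record):
    """Classify by requested hostname; dual-stack names end in api.aws."""
    host = (record.get("tlsDetails") or {}).get("clientProvidedHostHeader", "")
    host = host.lower().rstrip(".")
    if not host:
        return "unknown"
    return "dual-stack" if host.endswith(".api.aws") else "other"

def summarize(records):
    """Count Identity Center events per (endpoint kind, address family)."""
    counts = Counter()
    for rec in records:
        if rec.get("eventSource") in IDENTITY_CENTER_SOURCES:
            key = (endpoint_kind(rec), ip_family(rec.get("sourceIPAddress", "")))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_RECORDS).items()):
        print(key, n)
```

A dual-stack hostname paired with an IPv4 source address means the client has moved to the new endpoint but its network path is still IPv4, which is worth tracking separately from clients that have not switched endpoints at all.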
“Remember that existing IPv4 endpoints will continue to function, so you can transition at your own pace. Also, no immediate action is required by you. However, we recommend planning your transition to take advantage of IPv6 benefits and meet compliance requirements,” said Suchintya Dandapat, Principal Product Manager for AWS.
