AWS Security ChangesHomeSearch

AWS appstream2 documentation change

Service: appstream2 · 2025-11-22 · Documentation low

File: appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md

Summary

Added a note about IPv6-only subnets requiring Egress-Only Internet Gateway and security controls to prevent accidental access.

Security assessment

The change documents security best practices for IPv6 networking (e.g., preventing accidental inbound/outbound access) but does not address a specific security vulnerability. It proactively adds security guidance.

Diff

diff --git a/appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md b/appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md
index 3a8ffe89e..20a186fce 100644
--- a//appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md
+++ b//appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md
@@ -8,0 +9,4 @@ After your NAT gateway is available on a VPC, you can enable internet access for
+###### Note
+
+When working with IPv6 only subnets, default internet access cannot be enabled. You'll need to set up an Egress-Only Internet Gateway and configure route table to allow outbound internet traffic. For more information check the [steps](https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html). You also need to enable auto-assign IPv6 addresses for your subnets. The Egress-Only gateway handles outbound internet traffic only so if you need inbound access, you'll still need a regular internet gateway. You can find more details about this in [egress only internet gateway documentation](https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html). Ensure appropriate security and networking controls exist to prevent accidental inbound/outbound access for your subnets.
+