AWS appstream2 documentation change
Summary
Added a note about IPv6-only subnets requiring Egress-Only Internet Gateway and security controls to prevent accidental access.
Security assessment
The change documents security best practices for IPv6 networking (e.g., preventing accidental inbound/outbound access) but does not address a specific security vulnerability. It proactively adds security guidance.
Diff
diff --git a/appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md b/appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md index 3a8ffe89e..20a186fce 100644 --- a//appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md +++ b//appstream2/latest/developerguide/managing-network-manual-enable-internet-access.md @@ -8,0 +9,4 @@ After your NAT gateway is available on a VPC, you can enable internet access for +###### Note + +When working with IPv6 only subnets, default internet access cannot be enabled. You'll need to set up an Egress-Only Internet Gateway and configure route table to allow outbound internet traffic. For more information check the [steps](https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html). You also need to enable auto-assign IPv6 addresses for your subnets. The Egress-Only gateway handles outbound internet traffic only so if you need inbound access, you'll still need a regular internet gateway. You can find more details about this in [egress only internet gateway documentation](https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html). Ensure appropriate security and networking controls exist to prevent accidental inbound/outbound access for your subnets. +