Amazon Simple Storage Service (S3) | Amazon S3 and IPv6 Flashcards
Is Transfer Acceleration HIPAA eligible?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Yes, AWS has expanded its HIPAA compliance program to include Amazon S3 Transfer Acceleration as a HIPAA eligible service. If you have an executed Business Associate Agreement (BAA) with AWS, you can use Amazon S3 Transfer Acceleration to enables fast, easy, and secure transfers of files including protected health information (PHI) over long distances between your client and your Amazon S3 bucket. For more information, see HIPAA Compliance.
What is IPv6?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Every server and device connected to the Internet must have a unique address. Internet Protocol Version 4 (IPv4) was the original 32-bit addressing scheme. However, the continued growth of the Internet means that all available IPv4 addresses will be utilized over time. Internet Protocol Version 6 (IPv6) is the new addressing mechanism designed to overcome the global address limitation on IPv4.
What can I do with IPv6?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Using IPv6 support for Amazon S3, applications can connect to Amazon S3 without needing any IPv6 to IPv4 translation software or systems. You can meet compliance requirements, more easily integrate with existing IPv6-based on-premises applications, and remove the need for expensive networking equipment to handle the address translation. You can also now utilize the existing source address filtering features in IAM policies and bucket policies with IPv6 addresses, expanding your options to secure applications interacting with Amazon S3.
How do I get started with IPv6 on Amazon S3?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
You can get started by pointing your application to Amazon S3’s new “dual-stack” endpoint, which supports access over both IPv4 and IPv6. In most cases, no further configuration is required for access over IPv6, because most network clients prefer IPv6 addresses by default. Your applications may continue to access data through the existing APIs and virtual hosted style (e.g. http://bucket.s3.dualstack.aws-region.amazonaws.com) or path style (e.g. http://s3.dualstack.aws-region.amazonaws.com/bucket) URLs without code changes. When using Amazon S3 Transfer Acceleration, the “dual-stack” endpoint must be of the form http(s)://bucket.s3-accelerate.dualstack.amazonaws.com. However, you must also evaluate your bucket and Identity and Access Management (IAM) policies to ensure you have the appropriate access configured for your new IPv6 addresses. For more information about getting started accessing Amazon S3 over IPv6, see Making Requests to Amazon S3 over IPv6.
If I point to Amazon S3’s “dual-stack” endpoint, will I still be able to access Amazon S3’s APIs over IPv4?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Yes, you can continue to access Amazon S3 APIs using both IPv6 and IPv4 addresses when connecting to the Amazon S3 “dual-stack” endpoints. You will need to configure your client to prefer IPv4 addresses, which can be an application-level or host-level configuration option for many application runtime languages. Please consult the documentation for the language you are using for your runtime platform for the specific configuration option that prefers IPv4 connections.
Should I expect a change in Amazon S3 performance when using IPv6?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
No, you will see the same performance when using either IPv4 or IPv6 with Amazon S3.
Will existing VPC Endpoints continue to work if I point to Amazon S3’s “dual-stack” endpoint?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Yes, you can continue using VPC Endpoint to access Amazon S3 over IPv4. If you use the dual-stack endpoint in an IPv4-only VPC, the VPC instances will drop the AAAA record and always access Amazon S3 over IPv4.
If I enable IPv6, will the IPv6 address appear in the Server Access Log?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Yes, IPv6 addresses will now be shown in the Server Access logs if you have the Amazon S3 Server Access logs feature enabled. Any customer tool or software that parses the logs should be updated to handle the new IPv6 address format. Please contact Developer Support if you have any issues with IPv6 traffic impacting your tool or software’s ability to handle IPv6 addresses in Server Access logs.
Do I need to update my bucket and IAM policies?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Yes, if you use policies to grant or restrict access via IP addresses, you will need to update those policies to include the associated IPv6 ranges before you switch to the “dual-stack” endpoint. If your bucket grants or restricts access to specific IAM users, you will also need to have the IAM policy administrator review those users’ IAM policies to ensure they have appropriate access to the associated IPv6 ranges before you switch to the “dual-stack” endpoint. Failure to do so may result in clients incorrectly losing or gaining access to the bucket when they start using IPv6.
What can I do if my clients are impacted by policy, network, or other restrictions in using IPv6 for Amazon S3?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
Applications that are impacted by using IPv6 can switch back to the standard IPv4-only endpoints at any time.
Can I use IPv6 with all Amazon S3 features?
Amazon S3 and IPv6
Amazon Simple Storage Service (S3) | Storage
No, IPv6 support is not currently available when using Website Hosting and access via BitTorrent. All other features should work as expected when accessing Amazon S3 using IPv6.