
CreateVPC can't create IPv6 only VPC

Open aRustyDev opened this issue 8 months ago • 5 comments

Describe the bug

$ aws ec2 create-vpc --ipv6-ipam-pool-id <ipam-pool-id> --ipv6-netmask-length 56

An error occurred (MissingParameter) when calling the CreateVpc operation: Either 'cidrBlock' or 'ipv4IpamPoolId' should be provided.

Regression Issue

  • [x] Select this option if this issue appears to be a regression.

Expected Behavior

Should successfully create an IPv6 Only VPC

Following the directions from a terraform managed terraform-module for creating a VPC also fails (b/c it's likely an API/CLI issue)

Current Behavior

$ aws ec2 create-vpc --ipv6-ipam-pool-id <ipam-pool-id> --ipv6-netmask-length 56

An error occurred (MissingParameter) when calling the CreateVpc operation: Either 'cidrBlock' or 'ipv4IpamPoolId' should be provided.

Reproduction Steps

  1. Create an IPv6_IPAM_Pool independently
  2. Get the Pool Id of the above
  3. Run aws ec2 create-vpc --ipv6-ipam-pool-id <ipam-pool-id> --ipv6-netmask-length 56

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.11.8 Python/3.11.2 Darwin/24.4.0 exe/x86_64 prompt/off

Environment details (OS name and version, etc.)

Darwin mybox 24.4.0 Darwin Kernel Version 24.4.0: Fri Apr 11 18:28:23 PDT 2025; root:xnu-11417.101.15~117/RELEASE_X86_64 x86_64

aRustyDev, Apr 29 '25 16:04

For anyone who's experiencing a similar issue, I created a ticket on hashicorp/terraform-provider-aws as well (link).

aRustyDev, Apr 29 '25 16:04

Also found this "similar" issue here, I'm going to follow its recommendations as well.

aRustyDev, Apr 29 '25 16:04

Hello @aRustyDev, thanks for reaching out. I have replicated the command above aws ec2 create-vpc --ipv6-ipam-pool-id <ipam-pool-id> --ipv6-netmask-length 56 and got the same issue. I am not a VPC service expert but I created a ticket to the VPC service team for clarification on whether or not they are needed (as it looks like the parameters are needed) and asked for API documentation to be updated. I will update if there are any updates. Thank you.

For Internal Tracking: P232150481

adev-code, Apr 30 '25 20:04

Hello @aRustyDev, thanks for the patience. The team has clarified that the service doesn't support IPv6-only VPCs right now, only IPv6-only subnets. The validation error that you are seeing is from the service server-side, not CLI. As per the service, 'cidrBlock' or 'ipv4IpamPoolId' should be provided. Please let me know if you have any questions. Thank you.

adev-code, May 08 '25 17:05

Yeah I see that now, I wish it had been a bit clearer and less buried in documentation.

Here's where it says it:

Creating a VPC requires an IPv4 CIDR block to be specified. See here

IPv4 VPC CIDR blocks

When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses). After you've created your VPC, you can associate additional IPv4 CIDR blocks with the VPC. For more information, see Add or remove a CIDR block from your VPC.

When you create a VPC, we recommend that you specify a CIDR block from the private IPv4 address ranges as specified in RFC 1918.

Once you have created the VPC, you can create IPv6 only subnets within it. Instances/interfaces within these subnets will not have IPv4 addresses assigned. See blog here

Credit: iBehr Source: https://repost.aws/questions/QU9yKWnv63TJmba3kL7jHE2g/createvpc-for-ipv6-only-vpc-fails


The issue I see with this is that it's not clear enough for even the AWS Generative AI tools to be able to pick up that it's not possible.

I would suggest a fix to the CLI documentation that clarifies that IPv6 Only VPCs are not currently possible, and that in order for a VPC to have only IPv6 addresses it must be implemented at the subnet level, not the VPC level.

I'm not really familiar with where that is at but I'd be interested in making the contribution if it would be appreciated? I know I'd prefer to have it there so it's at least clearer for anyone else who follows my same path.

aRustyDev, May 10 '25 18:05
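
Added example (not part of the thread and not AWS or aws-cli project code): the workaround the thread arrives at, a VPC created with the required IPv4 CIDR plus an IPv6 block from the IPAM pool, then an IPv6-only subnet inside it. The pool id, the 10.0.0.0/16 block, the `DRY_RUN` switch and the function names are assumptions for illustration; with `DRY_RUN=1` the commands are only echoed, with constructed placeholder outputs.

```shell
# aws_or_echo PLACEHOLDER ARGS...: call `aws ARGS`, or with DRY_RUN=1 print
# the command on stderr and return PLACEHOLDER (constructed sample output).
aws_or_echo() {
  placeholder="$1"; shift
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "aws $*" >&2
    echo "$placeholder"
  else
    aws "$@"
  fi
}

# First /64 inside the VPC's IPv6 block: for a /56 (or any shorter prefix)
# the address part is unchanged, only the prefix length becomes 64.
first_slash64() {
  printf '%s/64\n' "${1%/*}"
}

# create_ipv6_only_subnet IPV6_IPAM_POOL_ID IPV4_CIDR -> prints the subnet id
create_ipv6_only_subnet() {
  pool_id="$1"; ipv4_cidr="$2"

  # CreateVpc rejects the call without cidrBlock or ipv4IpamPoolId, so the
  # IPv4 block is supplied alongside the IPv6 IPAM pool.
  vpc_id=$(aws_or_echo "vpc-EXAMPLE" ec2 create-vpc \
    --cidr-block "$ipv4_cidr" \
    --ipv6-ipam-pool-id "$pool_id" --ipv6-netmask-length 56 \
    --query 'Vpc.VpcId' --output text)

  # Read back the IPv6 block that IPAM allocated (assumes the association
  # is already listed; a real script may need to wait and retry here).
  vpc6=$(aws_or_echo "2001:db8:0:100::/56" ec2 describe-vpcs \
    --vpc-ids "$vpc_id" \
    --query 'Vpcs[0].Ipv6CidrBlockAssociationSet[0].Ipv6CidrBlock' \
    --output text)

  # --ipv6-native makes the subnet IPv6-only: no IPv4 CIDR, so interfaces
  # in it get no IPv4 addresses.
  aws_or_echo "subnet-EXAMPLE" ec2 create-subnet --vpc-id "$vpc_id" \
    --ipv6-native --ipv6-cidr-block "$(first_slash64 "$vpc6")" \
    --query 'Subnet.SubnetId' --output text
}
```

Because the VPC still carries an IPv4 CIDR, security groups and network ACLs on any other subnets in it still need IPv4 rules reviewed.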

Thank you for the reply. I have reached out to the EC2 Service team for this request as they managed this documentation. We don't have a timeline for now on when the change. Although moving forward, please check the changelogs (AWS CLI, Boto3, Botocore) and the documentation itself for updates.

Internal Ref: P303641403

adev-code, Sep 18 '25 16:09

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

github-actions[bot], Sep 18 '25 16:09