aws-cli icon indicating copy to clipboard operation
aws-cli copied to clipboard
verified publisher icon aws

"aws cloudwatch list-metrics" runs forever when ran on an ipv6 only box

Open paul-civitas opened this issue 7 months ago • 2 comments

Describe the bug

When you run: aws ecr get-login-password from an ipv6 machine, it eventually times out as it can't establish a connection to ecr with the default endpoint (as you're required to use the dualstack endpoint, which has a separate address).

However when you run aws cloudwatch list-metrics from an ipv6 machine the command hangs indefinitely, which suggests a missing timeout in the codebase.

Regression Issue

  • [ ] Select this option if this issue appears to be a regression.

Expected Behavior

Either it works successfully or it times out.

Current Behavior

Program does not halt.

Reproduction Steps

Spin up a ipv6 only ec2 box.

Observe that aws secretsmanager list-secrets works correctly (as its default endpoint supports ipv6).

Observe that aws ecr get-login-password times out after some number of minutes.

Observe that aws cloudwatch list-metrics --debug runs seemingly indefinitely.

Possible Solution

Fix your timeouts ideally. But of course I'd love if aws's ipv6 support was improved as well of course.

Additional Information/Context

Spinning up ipv6 only boxes these days is actually quite easy.

CLI version used

aws-cli/2.25.0 Python/3.13.3 Linux/6.14.6-300.fc42.aarch64 source/aarch64.fedora.42

Environment details (OS name and version, etc.)

Fedora on us-east-2

paul-civitas avatar May 21 '25 23:05 paul-civitas

Hello @paul-civitas, thanks for reaching out. I have replicated the same environment where I only have IPv6 egress and got results.

  • aws secretsmanager list-secrets - either UseDualStack': True or UseDualStack': False , the command works.
  • aws cloudwatch list-metrics --debug - in order to use IPv6, you would need to set UseDualStack': True (e.g. running the command: aws configure set use_dualstack_endpoint true) https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-endpoints.html#endpoints-dual-stack
  • aws ecr get-login-password - neither UseDualStack': True or UseDualStack': False does not work.

Each services have their own implementation of supporting IPv6. I have reached out to the ECR Service team to see if ECR supports IPv6. I will update back if there's any updates. If you have any questions, please do let me know. Thank you.

For Internal Tracking: P250001544

adev-code avatar Jun 09 '25 15:06 adev-code

Hi @paul-civitas, also please ensure that you are using an AWS CLI version from 2.27.5 https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst and from that, you can enable dual stack in order to connect to ECR via IPv6. If you have any questions, please do let me know. Thank you.

adev-code avatar Jun 09 '25 21:06 adev-code

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

github-actions[bot] avatar Jun 19 '25 22:06 github-actions[bot]