I mentioned last year that I “downsized” my web projects from DigitalOcean to super cheap EC2. Naturally, a few months later AWS announced that they would start charging a few dollars per month for a dedicated IPv4 address.
I asked around on Hacker News and decided that the simplest solution was to put the site on Cloudflare’s free proxy plan, and then update the web server to only use IPv6, thus saving on the IPv4 costs. The way it works is this:
- You import your DNS records into Cloudflare.
- Cloudflare uses the A and/or AAAA records you marked as proxied to find your back-end (origin) service.
- Cloudflare then answers public DNS queries for your host with its own proxy A and AAAA addresses, so clients never see the origin's address.
The key point is that you can have an upstream service that is only accessible via IPv6, and Cloudflare helpfully still proxies traffic to it through its set of IPv4 addresses, maintaining compatibility for legacy IPv4 clients.
That all sounded pretty straightforward, but I still learned a few things from my upgrade experience:
- I’m bad at network configuration.
- Cloudflare is kind of opaque.
- AWS makes it really hard to support IPv4 to IPv6 transitions for running EC2 instances.
- In the end, it’s not really worth it.
How to assign an IPv6 address to your EC2 instance
There is a field in the EC2 instance properties that shows your instance's IPv6 address. Mine was blank.
I hadn’t really understood that if you create an EC2 instance, it comes with an entire virtual private networking setup. There’s something so easy about old-school IPv4 networking. Your server gets a public IP address, it can reach the whole public internet with zero complexity, you advertise your IP address in a DNS A record, and you’re done.
IPv6 isn’t like that, because huge numbers of clients still just don’t support IPv6. And the AWS upgrade path from IPv4 to IPv6 is thorny.
The upgrade path to enabling IPv6 is:
- Associate an Amazon-provided IPv6 CIDR block with your VPC (virtual private cloud). AWS hands out a /56 here; I guess an IPv6 address range isn't allocated by default, because a new VPC has none.
- Carve a /64 out of that block for your subnet.
- Add a `::/0` route to the internet gateway in the subnet's route table, and add IPv6 rules (`::/0` or narrower) to the security group. The existing `0.0.0.0/0` route and rules cover IPv4 only, so without this step the instance has an IPv6 address but nothing can reach it.
- Then you can enable IPv6 address assignment on the EC2 instance's network interface.
In general, I got the impression from AWS’s own blog posts that they only support “dual stack” networking as a sort of awkward transitional path.
https://aws.amazon.com/blogs/networking-and-content-delivery/dual-stack-ipv6-architectures-for-aws-and-hybrid-networks/
https://superuser.com/questions/1801957/how-to-turn-on-ipv6-on-amazon-ec2-instance
After you finish getting an IPv6 address
You have to check every service that listens on a network port and make sure it also binds the IPv6 interface. NGINX's `listen 80;` on its own binds only IPv4 (you need a separate `listen [::]:80;`), and sshd binds only IPv4 if its config carries `AddressFamily inet` or a `ListenAddress 0.0.0.0` line. Run `ss -tlnp` and confirm each listener shows `[::]:PORT` or `*:PORT` before you remove the IPv4 address.
If you try removing the IPv4 address from your virtual server, and you didn’t figure out that sshd needs reconfiguring, then you can’t ssh to your instance anymore. (It’s not difficult to log in with the remote web console and fix it. It’s just annoying. It’s death by a thousand cuts, and by death I mean nuisance.)
Anyway, I eventually got my webserver reconfigured to use only IPv6. If I were doing it again — I would just make a new instance that was IPv6 by default, and delete the old one.
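What "a new instance that is IPv6 by default" looks like as infrastructure code, covering the VPC, subnet, route and security-group steps above and the listener fixes for NGINX and sshd in one place. This is an added example, not configuration from the original post. It assumes Terraform with the AWS provider, an Ubuntu AMI (for the `ssh` unit name and the `sshd_config.d` include), a `t4g.nano`, certificate paths under `/etc/ssl/`, and two variables for Cloudflare's origin-facing IPv6 ranges and your own IPv6 prefix; all of these are placeholders to fill in.

```hcl
# Added example (not from the original post): a dual-stack VPC whose web
# instance gets an IPv6 address and never gets a public IPv4 address.
# ami_id, cloudflare_ipv6 and admin_ipv6_prefix are assumptions, not values from the post.
variable "ami_id"            { type = string }       # Ubuntu AMI for your region
variable "cloudflare_ipv6"   { type = list(string) } # ranges published at https://www.cloudflare.com/ips-v6
variable "admin_ipv6_prefix" { type = string }       # the prefix you ssh from, e.g. "2001:db8::/48"

resource "aws_vpc" "main" {
  cidr_block                       = "10.0.0.0/16" # private IPv4 costs nothing; only public IPv4 addresses are billed
  assign_generated_ipv6_cidr_block = true          # AWS allocates a /56; a VPC has no IPv6 range unless asked
  enable_dns_hostnames             = true
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_subnet" "web" {
  vpc_id                          = aws_vpc.main.id
  cidr_block                      = "10.0.1.0/24"
  ipv6_cidr_block                 = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 1) # one /64 out of the /56
  assign_ipv6_address_on_creation = true
  map_public_ip_on_launch         = false # no auto-assigned public IPv4: this is the charge being avoided
}

# The usual 0.0.0.0/0 route covers IPv4 only; IPv6 needs its own default route.
resource "aws_route_table" "web" {
  vpc_id = aws_vpc.main.id
  route {
    ipv6_cidr_block = "::/0"
    gateway_id      = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "web" {
  subnet_id      = aws_subnet.web.id
  route_table_id = aws_route_table.web.id
}

# Security-group rules are per address family too. Since Cloudflare proxies every
# client, only Cloudflare's ranges need to reach 443; a ::/0 rule would let anyone
# who learns the origin address bypass the proxy entirely.
resource "aws_security_group" "web" {
  vpc_id = aws_vpc.main.id

  ingress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    ipv6_cidr_blocks = var.cloudflare_ipv6
  }
  ingress {
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    ipv6_cidr_blocks = [var.admin_ipv6_prefix]
  }
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    ipv6_cidr_blocks = ["::/0"] # IPv4-only destinations stay unreachable without a NAT gateway or NAT64
  }
}

resource "aws_instance" "web" {
  ami                         = var.ami_id
  instance_type               = "t4g.nano"
  subnet_id                   = aws_subnet.web.id
  vpc_security_group_ids      = [aws_security_group.web.id]
  associate_public_ip_address = false
  ipv6_address_count          = 1

  metadata_options {
    http_tokens        = "required" # IMDSv2 only
    http_protocol_ipv6 = "enabled"  # the metadata service answers over IPv6 only when enabled
  }

  # cloud-init: make the listeners match the network. `listen 443 ssl;` alone binds
  # IPv4 only; `AddressFamily any` plus `ListenAddress ::` keeps sshd reachable even if
  # the image's main config pinned it to IPv4. Certificate paths are assumptions.
  user_data = <<-EOT
    #cloud-config
    packages: [nginx]
    write_files:
      - path: /etc/ssh/sshd_config.d/10-ipv6.conf
        content: |
          AddressFamily any
          ListenAddress ::
      - path: /etc/nginx/conf.d/origin.conf
        content: |
          server {
            listen 443 ssl;
            listen [::]:443 ssl;
            ssl_certificate     /etc/ssl/origin.pem;
            ssl_certificate_key /etc/ssl/origin.key;
            root /var/www/html;
          }
    runcmd:
      - systemctl restart ssh
      - systemctl restart nginx
      - ss -tlnp   # every listener should now show [::]:PORT or *:PORT
  EOT
}

output "origin_ipv6" {
  value = aws_instance.web.ipv6_addresses # goes into the proxied AAAA record at Cloudflare
}
```

Two things this layout makes explicit. The proxied AAAA record hides the origin address from DNS but does nothing to stop a direct connection to it, so the security group, not the proxy, is what keeps traffic flowing through Cloudflare. And because the instance has no public IPv4 address and no NAT, anything on the internet that is IPv4-only is unreachable from it; if your package mirrors or deploy tooling fall in that category, a NAT gateway costs more than the IPv4 address you are saving.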
But that wasn’t the bad part.
The bad part was: no matter what I did, I could not figure out how to delete all the IPv4 virtual private networking components from AWS. For something like four months I kept paying the useless IPv4 fee, because I just could not figure out how to avoid it. (For what it is worth, the fee is billed per public IPv4 address in use, meaning an Elastic IP or an auto-assigned public address on a network interface; the VPC's private IPv4 ranges cost nothing, and an auto-assigned public address cannot be removed from a running instance directly, which is why a fresh instance launched without one is the cleaner way out.)
I probably should have just asked my work colleagues in devops what to do. But it really seemed like it should not be that hard.
In the end
I started writing this post last January and only got around to publishing it in August. Oops.
There’s a point of diminishing returns for personal projects. Eventually you can run out of spare energy for them.
I deleted my EC2 instance and moved all the websites to static S3 buckets.
There was only one dynamic web application left on my server. It was only for a niche digital art project, so I just left it broken. It didn’t seem worth migrating it to use a serverless architecture (AWS Lambda).
My AWS bills went down to like 25 cents per month. So in the end - it’s like a 20x cost savings over the $6 Digital Ocean box I used to have.
The downside is that I don’t have a virtual Linux box anymore. But at the same time, it’s a relief not to have to do maintenance or system updates anymore.