IPv6 support breaks existing IAM policies with unexpected behavior

6/10 Medium

AWS adding IPv6/AAAA support to endpoints breaks existing IAM policies that use v4-centric statements (like aws:SourceIp). This causes unexpected DENYs or, worse, unexpected ALLOWs that compromise access control, impacting customers in affected regions with limited workarounds.

Category: compatibility
Workaround: hack
Freshness: emerging
Scope: single_lib
Upstream: open
Recurring: No
Buyer Type: enterprise
Maintainer: slow

Sources

Collection History

Query: “What are the most common pain points with AWS for developers in 2025?” (3/29/2026)

Introducing a new v6 value is going to break all of those existing policies with either unexpected DENYs or, worse, ALLOWs. That's a pretty poor customer experience to unexpectedly break your existing infrastructure or compromise your access control intentions.

Created: 3/29/2026
Updated: 3/29/2026