# Use IPv6 with Kinesis Video Streams
<a name="ipv6-support"></a>

You can configure Kinesis Video Streams to use IPv6 for both control plane and data plane operations. This enables your applications to communicate with Kinesis Video Streams services using IPv6 addresses through dual-stack endpoints.

**Note**  
IPv6 support requires specific SDK versions and configuration settings. Ensure that your Kinesis Video Streams SDK and AWS SDK versions support IPv6 dual-stack endpoints. Dual-stack endpoints support both IPv4 and IPv6 traffic and are available for some services in some Regions.

Kinesis Video Streams supports IPv6 through dual-stack endpoints for both producer and consumer applications. You can configure your applications to use IPv6 for control plane API calls and data plane streaming operations.

## Configure the AWS SDK for IPv6
<a name="configure-aws-sdk-ipv6"></a>

If you're using the AWS SDK to call Kinesis Video Streams control plane APIs in your production setup, you can enable IPv6 by configuring dual-stack endpoints. The AWS SDK provides several standardized methods to enable dual-stack endpoints.

**Important**  
When dual-stack endpoints are enabled, the SDK attempts to use dual-stack endpoints to make network requests. If a dual-stack endpoint doesn't exist for the service or Region, the request fails.

### Use environment variables
<a name="ipv6-environment-variables"></a>

Set the following environment variable to enable IPv6 dual-stack endpoints:

```
export AWS_USE_DUALSTACK_ENDPOINT=true
```

### Use the AWS configuration file
<a name="ipv6-config-file"></a>

Add the following setting to your AWS configuration file (`~/.aws/config`):

```
[default]
use_dualstack_endpoint = true
```

### Use JVM system properties (Java and Kotlin SDKs only)
<a name="ipv6-jvm-properties"></a>

For Java and Kotlin applications, set the following JVM system property:

```
-Daws.useDualstackEndpoint=true
```

Or programmatically in your Java code:

```
System.setProperty("aws.useDualstackEndpoint", "true");
```

### SDK support
<a name="sdk-support-table"></a>

The following AWS SDKs support dual-stack endpoint configuration:


| SDK | Supported | Configuration methods | 
| --- | --- | --- | 
| AWS CLI v2 | Yes | Environment variable, configuration file | 
| SDK for C\+\+ | Yes | Environment variable, configuration file | 
| SDK for Go V2 (1.x) | Yes | Environment variable, configuration file | 
| SDK for Java 2.x | Yes | Environment variable, configuration file, JVM property | 
| SDK for Java 1.x | No | Not supported | 
| SDK for JavaScript 3.x | Yes | Environment variable, configuration file | 
| SDK for Python (Boto3) | Yes | Environment variable, configuration file | 

After you configure dual-stack endpoints, the AWS SDK automatically uses IPv6 endpoints when calling Kinesis Video Streams control plane APIs.

## Configure the Kinesis Video Streams Producer SDK for IPv6
<a name="configure-producer-sdk-ipv6"></a>

The Kinesis Video Streams Producer SDK provides IPv6 configuration options for both control plane and data plane operations. These settings work with the AWS SDK dual-stack endpoint configuration.

### Configure the C/C\+\+ Producer SDK
<a name="configure-c-cpp-producer-sdk"></a>

The default endpoints and DNS resolution chain is implemented by the KVS Producer-C SDK version 1.6.0. It sequentially checks each place where you can set the configuration for these parameters, and then selects the first one you set. The predefined sequence is as follows:

For more information about the Producer SDKs, see the [Producer SDK for C](https://github.com/awslabs/amazon-kinesis-video-streams-producer-c), [Producer SDK for C\+\+](https://github.com/awslabs/amazon-kinesis-video-streams-producer-sdk-cpp), and [Producer SDK related topics](https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/producer-sdk.html#producer-sdk-related-topics).

#### Endpoint Configuration
<a name="endpoint-configuration"></a>

1. The `controlPlaneUrl` parameter for `createAbstractDefaultCallbacksProvider`.

1. Endpoint configuration CMake parameters: (`-DAWS_KVS_USE_LEGACY_ENDPOINT_ONLY=TRUE`, `-DAWS_KVS_USE_DUAL_STACK_ENDPOINT_ONLY=TRUE`)

1. Environment variables: (`export AWS_USE_DUALSTACK_ENDPOINT=TRUE`)
   + If `AWS_USE_DUALSTACK_ENDPOINT` is `TRUE` (case-insensitive), the dual-stack endpoint will be used.

1. Otherwise, the legacy endpoint will be constructed and used.

With 2, 3, and 4, the endpoint will be constructed based on the region provided to `createAbstractDefaultCallbacksProvider`.

#### DNS filtering
<a name="dns-filtering"></a>

The KVS Producer SDK will set the appropriate `CURLOPT_IPRESOLVE` parameter depending on the configuration:

1. DNS resolution CMake parameters: (`-DAWS_KVS_IPV4_ONLY=TRUE`, `-DAWS_KVS_IPV6_ONLY=TRUE`, `-DAWS_KVS_IPV4_AND_IPV6_ONLY=TRUE`)

1. Environment variables (`export AWS_KVS_USE_IPV4=TRUE`, `export AWS_KVS_USE_IPV6=TRUE`)

1. Otherwise, no filtering will take place. Both IPv4 and IPv6 IP addresses, if returned by DNS, may be used.

**Note**  
If the DNS filter settings are set to filter for IPV6 IP addresses, but the SDK configuration is to use the legacy endpoint (returns IPV4-only addresses), the request will fail.

The C\+\+ Producer SDK version 3.5.0 uses the Producer-C SDK 1.6.0 for the KVS API calls.

### Configure the GStreamer plugin
<a name="configure-gstreamer-plugin"></a>

The GStreamer plugin uses the underlying C Producer SDK, so IPv6 configuration is handled automatically when you configure the C SDK for IPv6 as described previously.

Modifying the code is not required, simply build the SDK with the CMake parameters or set the appropriate environment variables as described in the previous section.

### Data plane endpoint resolution
<a name="data-plane-endpoint-resolution"></a>

For data plane operations, use the `GetDataEndpoint` API to retrieve the appropriate dual-stack data plane endpoint. The service returns the corresponding endpoint depending on the request URL.

Example:
+ If the `GetDataEndpoint` API request is made to the legacy endpoint ending in `.amazonaws.com`, Kinesis Video Streams will return the legacy data plane endpoints ending with `.amazonaws.com`.
+ If the `GetDataEndpoint` API request is made to the dual-stack endpoint ending in `.api.aws`, Kinesis Video Streams will return the dual-stack data plane endpoint ending with `.api.aws`.

## Configure the AWS CLI for IPv6
<a name="configure-aws-cli-ipv6"></a>

If you're using the AWS CLI for Kinesis Video Streams operations (typically for proof-of-concept work), you can enable IPv6 by configuring dual-stack endpoints.

### Use an environment variable
<a name="cli-environment-variable"></a>

```
export AWS_USE_DUALSTACK_ENDPOINT=true
```

### Use the AWS configuration file
<a name="cli-config-file"></a>

Add the following to your AWS CLI configuration file (`~/.aws/config`):

```
[default]
use_dualstack_endpoint = true
```

## Configuration examples
<a name="configuration-examples"></a>

### C SDK example
<a name="c-sdk-example"></a>

To build the KVS Producer-C SDK in IPV6-only mode and ignore environment variable configuration, use the following commands to build the SDK:

```
cmake .. -DAWS_KVS_USE_DUAL_STACK_ENDPOINT_ONLY=TRUE -DAWS_KVS_IPV6_ONLY=TRUE
make -j
```

**Note**  
If you already have the SDK built, you will need to perform a clean build. Delete the existing build, open-source, and dependency folders before running the build commands.

## Considerations
<a name="ipv6-considerations"></a>

### Network requirements
<a name="network-requirements"></a>
+ Ensure that your network infrastructure supports IPv6 connectivity
+ Verify that your security groups and network ACLs allow IPv6 traffic
+ Test connectivity to AWS IPv6 endpoints from your deployment environment
+ Dual-stack endpoints are available for some services in some Regions—verify availability for your target Regions

### SDK compatibility
<a name="sdk-compatibility"></a>
+ Ensure that you're using a supported AWS SDK version
+ The AWS SDK for Java 1.x doesn't support dual-stack endpoint configuration
+ For the SDK for Go 1.x (V1), you must enable loading from the configuration file to use shared configuration file settings

### Testing and validation
<a name="testing-validation"></a>

Before you deploy IPv6-enabled Kinesis Video Streams applications to production:
+ Test control plane operations (stream creation, deletion, listing)
+ Verify data plane operations (video ingestion and consumption)
+ Validate performance and connectivity in your network environment
+ Run canary tests to ensure consistent IPv6 functionality
+ Test failover behavior when dual-stack endpoints aren't available

## Customers impacted by the upgrade to include IPv6
<a name="customers-impacted-ipv6"></a>

When you enable IPv6 for Kinesis Video Streams, there are several areas where you might need to update your existing configurations and policies to ensure continued functionality.

### IAM policies and IP address filtering
<a name="iam-policies-ip-filtering"></a>

If you use source IP address filtering in your IAM user policies, role policies, or resource-based policies, you need to update these policies to include IPv6 address ranges.

**Important**  
Existing IAM policies that use IPv4 CIDR blocks in `IpAddress` or `NotIpAddress` conditions will not automatically work with IPv6 addresses. You must explicitly add IPv6 ranges to maintain access control.

Example IAM policy update for IPv6:

```
{
  "Version": "2012-10-17",		 	 	 
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "kinesisvideo:*",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.0.2.0/24",
            "203.0.113.0/24",
            "2001:db8::/32"
          ]
        }
      }
    }
  ]
}
```

### Logging and monitoring
<a name="logging-monitoring-ipv6"></a>

IPv6 addresses have a different format than IPv4 addresses, which can impact your logging, monitoring, and analytics systems.

#### logs
<a name="cloudtrail-logs"></a>

 logs will contain IPv6 addresses in the `sourceIPAddress` field when requests are made over IPv6. Update your log parsing tools and scripts to handle IPv6 address formats.

Example IPv6 address in logs:

```
{
  "sourceIPAddress": "2001:db8::1",
  "eventName": "CreateStream",
  "eventSource": "kinesisvideo.amazonaws.com"
}
```

## Troubleshooting
<a name="troubleshooting-ipv6"></a>

### Common issues
<a name="common-issues"></a>
+ Connection failures – Verify IPv6 network connectivity and DNS resolution
+ SDK errors – Ensure that you're using compatible SDK versions that support dual-stack endpoints
+ Authentication issues – Confirm that IAM policies and credentials work with IPv6 endpoints
+ Endpoint not available – If a dual-stack endpoint doesn't exist for the service or Region, requests fail

### Verification steps
<a name="verification-steps"></a>
+ Check that `AWS_USE_DUALSTACK_ENDPOINT=true` is set or `use_dualstack_endpoint = true` is in your configuration file
+ Verify that Kinesis Video Streams SDK IPv6 configuration flags are properly set
+ Test network connectivity to AWS IPv6 endpoints
+ Review application logs for IPv6-specific error messages
+ Confirm that your Region supports dual-stack endpoints for Kinesis Video Streams

### Configuration validation
<a name="configuration-validation"></a>

You can verify your dual-stack endpoint configuration by checking:
+ Environment variables: `echo $AWS_USE_DUALSTACK_ENDPOINT`
+ AWS configuration file: `cat ~/.aws/config | grep use_dualstack_endpoint`
+ JVM properties (Java): Check system properties in your application logs