diff --git a/vpc.tf b/vpc.tf
index aeb2882..9297c9a 100644
--- a/vpc.tf
+++ b/vpc.tf
@@ -4,6 +4,7 @@ resource "aws_vpc" "vault" {
 instance_tenancy = var.vpc_instance_tenancy
 enable_dns_support = var.vpc_enable_dns_support
 enable_dns_hostnames = var.vpc_enable_dns_hostnames
+ assign_generated_ipv6_cidr_block = true
 tags = merge(
 { "Name" = "${var.main_project_tag}-vpc" },
@@ -34,6 +35,17 @@ resource "aws_internet_gateway" "igw" {
 )
 }
+## Egress Only Gateway (IPv6)
+resource "aws_egress_only_internet_gateway" "eigw" {
+ vpc_id = aws_vpc.vault.id
+
+ tags = merge(
+ { "Name" = "${var.main_project_tag}-eigw"},
+ { "Project" = var.main_project_tag },
+ var.vpc_tags
+ )
+}
+
 ## NAT Gateway
 #### The NAT Elastic IP
@@ -99,6 +111,12 @@ resource "aws_route" "public_internet_access" {
 gateway_id = aws_internet_gateway.igw.id
 }
+resource "aws_route" "public_internet_access_ipv6" {
+ route_table_id = aws_route_table.public.id
+ destination_ipv6_cidr_block = "::/0"
+ egress_only_gateway_id = aws_egress_only_internet_gateway.eigw.id
+}
+
 ## Private Route Table
 resource "aws_route_table" "private" {
 vpc_id = aws_vpc.vault.id
@@ -138,6 +156,9 @@ resource "aws_subnet" "public" {
 availability_zone = data.aws_availability_zones.available.names[count.index]
 map_public_ip_on_launch = true
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vault.ipv6_cidr_block, 8, count.index)
+ assign_ipv6_address_on_creation = true
+
 tags = merge(
 { "Name" = "${var.main_project_tag}-public-${data.aws_availability_zones.available.names[count.index]}"},
 { "Project" = var.main_project_tag },
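Review bot: `assign_generated_ipv6_cidr_block = true` is the only hard-coded attribute in this `aws_vpc` block; the neighbouring `instance_tenancy`, `enable_dns_support` and `enable_dns_hostnames` are all driven by `var.vpc_*` inputs. Turning on IPv6 changes the VPC's exposure (every subnet that opts in hands out globally routable addresses), so it deserves the same treatment as an explicit, documented input, e.g. `assign_generated_ipv6_cidr_block = var.vpc_assign_ipv6_cidr_block`, with the variable declared next to the other `vpc_*` variables (outside this file) and its default set to the value you intend to ship. The `aws_vpc` resource block starts before and ends after this hunk.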
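Review bot: `public_internet_access_ipv6` sends the public route table's `::/0` to the egress-only gateway, while the IPv4 default route just above it (`gateway_id = aws_internet_gateway.igw.id`) uses the internet gateway, so hosts in the public subnets are reachable inbound over IPv4 but not over IPv6. If that asymmetry is deliberate (keeping IPv6 outbound-only is a defensible least-exposure choice for a Vault VPC), state it on the resource, e.g. `# IPv6 is intentionally egress-only even for the "public" subnets: no inbound IPv6 path exists.`; if it is not, the route should be `gateway_id = aws_internet_gateway.igw.id`, bearing in mind that any security group allowing `ipv6_cidr_blocks = ["::/0"]` then becomes internet-reachable because IPv6 has no NAT in front of it. Separately, `aws_route_table.private` (whose definition continues past this hunk) gets no `::/0` route in this diff, so if the private subnets are also given IPv6 addresses their instances will have no IPv6 egress at all — the egress-only gateway is usually attached there, so confirm which table it was meant for.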
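Review bot: `ipv6_cidr_block = cidrsubnet(aws_vpc.vault.ipv6_cidr_block, 8, count.index)` carves one /64 per AZ numbered from 0, and `assign_ipv6_address_on_creation = true` gives every instance launched here a globally routable IPv6 address on top of the public IPv4 from `map_public_ip_on_launch = true`; that second address path is worth a comment because security group and NACL rules written for `0.0.0.0/0` do not cover `::/0`. Suggested comment above the added lines: `# One /64 per AZ from the VPC's generated /56 (netnum = count.index); every instance gets a global IPv6 address, so SG/NACL rules must cover ::/0 as well as 0.0.0.0/0.` If the private subnets are later given IPv6 blocks with the same `cidrsubnet(..., 8, count.index)` expression they will collide with these netnums; reserving an offset for the second set (e.g. `count.index + length(data.aws_availability_zones.available.names)`) avoids that — inferred, since the private subnet resource is not in this hunk. The `aws_subnet.public` block starts before this hunk and its `tags` argument continues past it.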