aws · ykethan · May 9, 2025 · May 9, 2025
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/domain-name.ts b/packages/aws-cdk-lib/aws-apigatewayv2/lib/common/domain-name.ts
@@ -120,6 +120,14 @@ export interface EndpointOptions {
    */
   readonly securityPolicy?: SecurityPolicy;
 
+  /**
+   * The IP address types that can invoke this domain name.
+   * Use 'ipv4' to allow only IPv4 addresses to invoke the domain name, or use 'dualstack'
+   * to allow both IPv4 and IPv6 addresses to invoke the domain name.
+   * @default - undefined - AWS default is IPV4
+   */
+  readonly ipAddressType?: IpAddressType;
+
   /**
    * A public certificate issued by ACM to validate that you own a custom domain. This parameter is required
    * only when you configure mutual TLS authentication and you specify an ACM imported or private CA certificate

diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/test/http/domain-name.test.ts b/packages/aws-cdk-lib/aws-apigatewayv2/test/http/domain-name.test.ts
@@ -270,6 +270,30 @@ describe('DomainName', () => {
     });
   });
 
+  test('domain name with IP address type set to DUAL_STACK', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    // WHEN
+    new DomainName(stack, 'DomainName', {
+      domainName,
+      certificate: Certificate.fromCertificateArn(stack, 'cert', certArn),
+      ipAddressType: IpAddressType.DUAL_STACK,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::DomainName', {
+      DomainName: 'example.com',
+      DomainNameConfigurations: [
+        {
+          CertificateArn: 'arn:aws:acm:us-east-1:111111111111:certificate',
+          EndpointType: 'REGIONAL',
+          IpAddressType: 'dualstack',
+        },
+      ],
+    });
+  });
+
   test('throws when ownerhsip cert is used for non-mtls domain', () => {
     // GIVEN
     const stack = new Stack();