diff --git a/data/publiccloud/terraform/ec2.tf b/data/publiccloud/terraform/ec2.tf
index f02e723b9ff1..891aef52f7b7 100644
--- a/data/publiccloud/terraform/ec2.tf
+++ b/data/publiccloud/terraform/ec2.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      version = "= 5.14.0"
+      version = "= 5.58.0"
       source  = "hashicorp/aws"
     }
     random = {
@@ -72,7 +72,7 @@ variable "subnet_id" {
   default = ""
 }
 
-variable "ipv6_address_count" {
+variable "ipv6_prefix_count" {
   default = 0
 }
 
@@ -93,15 +93,23 @@ resource "aws_key_pair" "openqa-keypair" {
   public_key = file("${var.ssh_public_key}")
 }
 
+resource "aws_network_interface" "network_interface" {
+  count = var.instance_count
+  subnet_id = var.subnet_id
+  ipv6_prefix_count = var.ipv6_prefix_count
+  security_groups = [var.vpc_security_group_ids]
+}
+
 resource "aws_instance" "openqa" {
   count                  = var.instance_count
   ami                    = var.image_id
   instance_type          = var.type
   key_name               = aws_key_pair.openqa-keypair.key_name
-  vpc_security_group_ids = [var.vpc_security_group_ids]
   availability_zone      = var.availability_zone
-  subnet_id              = var.subnet_id
-  ipv6_address_count     = var.ipv6_address_count
+  network_interface {
+    network_interface_id = aws_network_interface.network_interface[count.index].id
+    device_index = 0
+  }
 
   tags = merge({
     openqa_created_by   = var.name
@@ -152,3 +160,7 @@ output "public_ip" {
 output "vm_name" {
   value = aws_instance.openqa.*.id
 }
+
+output "ipv6_prefixes" {
+  value = aws_network_interface.network_interface.*.ipv6_prefixes
+}
diff --git a/lib/publiccloud/instance.pm b/lib/publiccloud/instance.pm
index 422e4fcad181..2423078e13fb 100644
--- a/lib/publiccloud/instance.pm
+++ b/lib/publiccloud/instance.pm
@@ -29,6 +29,8 @@ use constant SSH_TIMEOUT => 90;
 has instance_id => undef;    # unique CSP instance id
 has resource_id => undef;    # randomized resource id for all resources (e.g. resource group and storage account)
 has public_ip => undef;    # public IP of instance
+has public_ip6 => undef;  # public IPv6 of instance
+has ip6_subnet => undef;  # IPv6 subnet assigned to the instance
 has username => undef;    # username for ssh connection
 has image_id => undef;    # image from where the VM is booted
 has type => undef;
diff --git a/lib/publiccloud/provider.pm b/lib/publiccloud/provider.pm
index 598f1208a508..2ac130b0f397 100644
--- a/lib/publiccloud/provider.pm
+++ b/lib/publiccloud/provider.pm
@@ -352,6 +352,11 @@ sub create_instances {
             # Install server's ssh publicckeys to prevent authenticity interactions
             assert_script_run(sprintf('ssh-keyscan %s >> ~/.ssh/known_hosts', $instance->public_ip));
         }
+
+        $instance->ssh_assert_script_run('sudo ip -6 a a ' . $instance->public_ip6 . '/128 dev eth0') if ($instance->public_ip6);
+        $instance->ssh_assert_script_run('sudo ip a s');
+        $instance->ssh_assert_script_run('sudo ip -6 r s');
+
         # check guestregister conditional, default yes:
         $instance->wait_for_guestregister() if ($args{check_guestregister});
 
@@ -514,11 +519,11 @@ sub terraform_apply {
             my $vpc_security_group_ids = script_output("aws ec2 describe-security-groups --region '" . $self->provider_client->region . "' --filters 'Name=group-name,Values=tf-sg' --query 'SecurityGroups[0].GroupId' --output text");
             my $availability_zone = script_output("aws ec2 describe-instance-type-offerings --location-type availability-zone  --filters Name=instance-type,Values=" . $instance_type . "  --region '" . $self->provider_client->region . "' --query 'InstanceTypeOfferings[0].Location' --output 'text'");
             my $subnet_id = script_output("aws ec2 describe-subnets --region '" . $self->provider_client->region . "' --filters 'Name=tag:Name,Values=tf-subnet' 'Name=availabilityZone,Values=" . $availability_zone . "' --query 'Subnets[0].SubnetId' --output text");
-            my $ipv6_address_count = get_var('PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT', 1);
+            my $ipv6_prefix_count = get_var('PUBLIC_CLOUD_EC2_IPV6_PREFIX_COUNT', 0);
             $cmd .= "-var 'vpc_security_group_ids=$vpc_security_group_ids' ";
             $cmd .= "-var 'availability_zone=$availability_zone' ";
             $cmd .= "-var 'subnet_id=$subnet_id' ";
-            $cmd .= "-var 'ipv6_address_count=$ipv6_address_count' " if ($ipv6_address_count);
+            $cmd .= "-var 'ipv6_prefix_count=$ipv6_prefix_count' " if ($ipv6_prefix_count);
         } elsif (is_azure) {
             my $subnet_id = script_output("az network vnet subnet list -g 'tf-" . $self->provider_client->region . "-rg' --vnet-name 'tf-network' --query '[0].id' --output 'tsv'");
             $cmd .= "-var 'subnet_id=$subnet_id' " if ($subnet_id);
@@ -586,7 +591,7 @@ sub terraform_apply {
     # 4) Terraform output
 
     my $output = decode_json(script_output("terraform output -json"));
-    my ($vms, $ips, $resource_id);
+    my ($vms, $ips, $resource_id, $ipv6_prefixes);
     if (get_var('PUBLIC_CLOUD_SLES4SAP')) {
         foreach my $vm_type ('hana', 'drbd', 'netweaver') {
             push @{$vms}, @{$output->{$vm_type . '_name'}->{value}};
@@ -595,14 +600,25 @@ sub terraform_apply {
     } else {
         $vms = $output->{vm_name}->{value};
         $ips = $output->{public_ip}->{value};
+        $ipv6_prefixes = (is_ec2) ? $output->{ipv6_prefixes}->{value} : undef;
         # ResourceID is only provided in the PUBLIC_CLOUD_AZURE_NFS_TEST
         $resource_id = $output->{resource_id}->{value} if (get_var('PUBLIC_CLOUD_AZURE_NFS_TEST'));
     }
 
     my @instances;
     foreach my $i (0 .. $#{$vms}) {
+        my $ipv6_address;
+        if (@{$ipv6_prefixes}[$i] && @{$ipv6_prefixes}[$i]->[0]) {
+            record_info 'IPv6 prefix', @{$ipv6_prefixes}[$i]->[0];
+            $ipv6_address = @{$ipv6_prefixes}[$i]->[0];
+            $ipv6_address =~ s/::\/.*/::/;
+            record_info 'IPv6 address', $ipv6_address;
+        }
+
         my $instance = publiccloud::instance->new(
             public_ip => @{$ips}[$i],
+            public_ip6 => $ipv6_address,
+            #ip6_subnet => @{$ipv6_prefixes}[$i]->[0],
             resource_id => $resource_id,
             instance_id => @{$vms}[$i],
             username => $self->provider_client->username,
diff --git a/variables.md b/variables.md
index b92126cc4e02..c17879f2de42 100644
--- a/variables.md
+++ b/variables.md
@@ -320,7 +320,7 @@ PUBLIC_CLOUD_EC2_UPLOAD_AMI | string | "" | Needed to decide which image will be
 PUBLIC_CLOUD_EC2_UPLOAD_SECGROUP | string | "" | Allow to instruct ec2uploadimg script to use some existing security group instead of creating new one. If given, the parameter `--security-group-ids` is passed to `ec2uploadimg`.
 PUBLIC_CLOUD_EC2_UPLOAD_VPCSUBNET | string | "" | Allow to instruct ec2uploadimg script to use some existing VPC instead of creating new one.
 PUBLIC_CLOUD_EC2_BOOT_MODE | string | "uefi-preferred" | The `--boot-mode` parameter for `ec2uploadimg` script. Available values: `legacy-bios`, `uefi`, `uefi-preferred` Currently unused variable. Use `git blame` to get context.
-PUBLIC_CLOUD_EC2_IPV6_ADDRESS_COUNT | string | 0 | How many IPv6 addresses should the instance have
+PUBLIC_CLOUD_EC2_IPV6_PREFIX_COUNT | string | 0 | How many IPv6 addresses should the instance have
 PUBLIC_CLOUD_GCE_STACK_TYPE | string | IPV4_ONLY | Network stack type, possible values: IPV4_IPV6 or IPV4_ONLY
 PUBLIC_CLOUD_FIO | boolean | false | If set, storage_perf test module is added to the job.
 PUBLIC_CLOUD_FIO_RUNTIME | integer | 300 | Set the execution time for each FIO tests.