diff --git a/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch b/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8923238d8234ce7c0bb1acdaca1a345e96f3af5a
--- /dev/null
+++ b/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch
@@ -0,0 +1,119 @@
+From f0fb841883b80c71618582e43e1b3cd87a0dcb58 Mon Sep 17 00:00:00 2001
+From: Major Hayden
+Date: Mon, 1 Apr 2024 18:28:12 +0000
+Subject: [PATCH] ec2: Do not enable dhcp6 on EC2 (#5104)
+
+When cloud-init finds any ipv6 information in the instance metadata, it
+automatically enables dhcp6 for the network interface. However, this
+brings up the instance with a broken IPv6 configuration because SLAAC
+should be used for almost all situations on EC2.
+
+Red Hat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2092459
+Fedora Pagure: https://pagure.io/cloud-sig/issue/382
+Upstream: https://bugs.launchpad.net/cloud-init/+bug/1976526
+
+Fixes GH-3980
+
+Reference:https://github.com/canonical/cloud-init/commit/f0fb841883b80c71618582e43e1b3cd87a0dcb58
+Conflict:(1)Delete one more line of code. The content is "if nic_metadata.get('ipv6s'): # Any IPv6 addresses configured"
+(2)The test cases are modified differently because the version is too early.
+
+Signed-off-by: Major Hayden
+---
+ cloudinit/sources/DataSourceEc2.py | 5 -----
+ tests/unittests/test_datasource/test_ec2.py | 14 +++++++-------
+ 2 files changed, 7 insertions(+), 12 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
+index 700437b..2d869db 100644
+--- a/cloudinit/sources/DataSourceEc2.py
++++ b/cloudinit/sources/DataSourceEc2.py
+@@ -773,8 +773,6 @@ def convert_ec2_metadata_network_config(
+ 'match': {'macaddress': mac.lower()},
+ 'set-name': nic_name}
+ nic_metadata = macs_metadata.get(mac)
+- if nic_metadata.get('ipv6s'): # Any IPv6 addresses configured
+- dev_config['dhcp6'] = True
+ netcfg['ethernets'][nic_name] = dev_config
+ return netcfg
+ # Apply network config for all nics and any secondary IPv4/v6 addresses
+@@ -791,9 +789,6 @@ def convert_ec2_metadata_network_config(
+ 'dhcp6': False,
+ 'match': {'macaddress': mac.lower()},
+ 'set-name': nic_name}
+- if nic_metadata.get('ipv6s'): # Any IPv6 addresses configured
+- dev_config['dhcp6'] = True
+- dev_config['dhcp6-overrides'] = dhcp_override
+ dev_config['addresses'] = get_secondary_addresses(nic_metadata, mac)
+ if not dev_config['addresses']:
+ dev_config.pop('addresses') # Since we found none configured
+diff --git a/tests/unittests/test_datasource/test_ec2.py b/tests/unittests/test_datasource/test_ec2.py
+index a93f219..f932e73 100644
+--- a/tests/unittests/test_datasource/test_ec2.py
++++ b/tests/unittests/test_datasource/test_ec2.py
+@@ -399,7 +399,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
+ mac1 = '06:17:04:d7:26:09' # Defined in DEFAULT_METADATA
+ expected = {'version': 2, 'ethernets': {'eth9': {
+ 'match': {'macaddress': '06:17:04:d7:26:09'}, 'set-name': 'eth9',
+- 'dhcp4': True, 'dhcp6': True}}}
++ 'dhcp4': True, 'dhcp6': False}}}
+ patch_path = M_PATH_NET + 'get_interfaces_by_mac'
+ get_interface_mac_path = M_PATH_NET + 'get_interface_mac'
+ with mock.patch(patch_path) as m_get_interfaces_by_mac:
+@@ -460,7 +460,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
+ 'addresses': ['172.31.45.70/20',
+ '2600:1f16:292:100:f152:2222:3333:4444/128',
+ '2600:1f16:292:100:f153:12a3:c37c:11f9/128'],
+- 'dhcp4': True, 'dhcp6': True}}}
++ 'dhcp4': True, 'dhcp6': False}}}
+ patch_path = M_PATH_NET + 'get_interfaces_by_mac'
+ get_interface_mac_path = M_PATH_NET + 'get_interface_mac'
+ with mock.patch(patch_path) as m_get_interfaces_by_mac:
+@@ -509,7 +509,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
+ self.logs.getvalue())
+ expected = {'version': 2, 'ethernets': {'eth9': {
+ 'match': {'macaddress': mac1}, 'set-name': 'eth9',
+- 'dhcp4': True, 'dhcp6': True}}}
++ 'dhcp4': True, 'dhcp6': False}}}
+ self.assertEqual(expected, ds.network_config)
+
+ def test_ec2_get_instance_id_refreshes_identity_on_upgrade(self):
+@@ -825,7 +825,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
+ nic1_metadata.pop('public-ipv4s')
+ expected = {'version': 2, 'ethernets': {'eth9': {
+ 'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
+- 'dhcp4': True, 'dhcp6': True}}}
++ 'dhcp4': True, 'dhcp6': False}}}
+ self.assertEqual(
+ expected,
+ ec2.convert_ec2_metadata_network_config(
+@@ -875,7 +875,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
+ nic1_metadata['local-ipv4s'] = '10.0.0.42' # Local ipv4 only on vpc
+ expected = {'version': 2, 'ethernets': {'eth9': {
+ 'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
+- 'dhcp4': True, 'dhcp6': True}}}
++ 'dhcp4': True, 'dhcp6': False}}}
+ self.assertEqual(
+ expected,
+ ec2.convert_ec2_metadata_network_config(
+@@ -897,7 +897,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
+ 'eth9': {
+ 'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
+ 'dhcp4': True, 'dhcp4-overrides': {'route-metric': 100},
+- 'dhcp6': True, 'dhcp6-overrides': {'route-metric': 100}},
++ 'dhcp6': False},
+ 'eth10': {
+ 'match': {'macaddress': mac2}, 'set-name': 'eth10',
+ 'dhcp4': True, 'dhcp4-overrides': {'route-metric': 200},
+@@ -916,7 +916,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
+ nic1_metadata['ipv6s'] = '2620:0:1009:fd00:e442:c88d:c04d:dc85/64'
+ expected = {'version': 2, 'ethernets': {'eth9': {
+ 'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
+- 'dhcp4': True, 'dhcp6': True}}}
++ 'dhcp4': True, 'dhcp6': False}}}
+ self.assertEqual(
+ expected,
+ ec2.convert_ec2_metadata_network_config(
+--
+2.33.0
+
diff --git a/cloud-init.spec b/cloud-init.spec
index 7986020cd96cc4137775fed887d7f5f07361a9d3..aadf49e23d4179a730ee65070417fbf1e846e500 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -1,6 +1,6 @@
 Name: cloud-init
 Version: 21.4
-Release: 26
+Release: 27
 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
 License: ASL 2.0 or GPLv3
 URL: http://launchpad.net/cloud-init
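Review bot: In the embedded patch's first `convert_ec2_metadata_network_config` hunk (`@@ -773,8 +773,6 @@`), `nic_metadata = macs_metadata.get(mac)` is kept as context while its only visible reader, the `ipv6s` check, is deleted, so on the lines shown it is a dead assignment just before `return netcfg` and could be dropped. With the check gone in both hunks, `'dhcp6': False` is unconditional even when the metadata lists IPv6 addresses, yet the commit message only claims SLAAC fits "almost all" EC2 situations. A comment next to the dict, for example `# SLAAC is expected on EC2; dhcp6 is deliberately not enabled from 'ipv6s' metadata (GH-3980)`, would record the intent and keep the check from being re-added. The function starts and ends outside both hunks, so a later use of `nic_metadata` cannot be ruled out from here.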
@@ -75,6 +75,7 @@ Patch6040: backport-fix-Don-t-loosen-the-permissions-of-the-log-file.patch Patch6041: backport-fix-growpart-race-4618.patch Patch6042: backport-handle-error-when-log-file-is-empty-4859.patch Patch6043: backport-fix-Logging-sensitive-data.patch +Patch6044: backport-ec2-Do-not-enable-dhcp6-on-EC2.patch BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2 @@ -185,6 +186,12 @@ fi %exclude /usr/share/doc/* %changelog +* Wed May 8 2024 dongyuzhen - 21.4-27 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:ec2: Do not enable dhcp6 on EC2 + * Fri Apr 12 2024 shixuantong - 21.4-26 - Type:bugfix - CVE:NA @@ -402,3 +409,4 @@ https://github.com/canonical/cloud-init/commit/0450a1faff9e5095e6da0865916501772 * Tue Sep 17 2019 openEuler Buildteam - 17.1-8 - Package init. +