ipv6 parameters for vpc

Author: drewmullen

README.md

@@ -404,6 +404,9 @@ No modules.
 | <a name="input_intra_subnets"></a> [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no |
 | <a name="input_ipv4_ipam_pool_id"></a> [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. | `string` | `null` | no |
 | <a name="input_ipv4_netmask_length"></a> [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4\_ipam\_pool\_id. | `number` | `null` | no |
+| <a name="input_ipv6_cidr"></a> [ipv6\_cidr](#input\_ipv6\_cidr) | (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`. | `string` | `null` | no |
+| <a name="input_ipv6_ipam_pool_id"></a> [ipv6\_ipam\_pool\_id](#input\_ipv6\_ipam\_pool\_id) | (Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`. | `string` | `null` | no |
+| <a name="input_ipv6_netmask_length"></a> [ipv6\_netmask\_length](#input\_ipv6\_netmask\_length) | (Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`. | `number` | `null` | no |
 | <a name="input_manage_default_network_acl"></a> [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no |
 | <a name="input_manage_default_route_table"></a> [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `false` | no |
 | <a name="input_manage_default_security_group"></a> [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no |

examples/ipam-vpc/main.tf

@@ -3,7 +3,8 @@ provider "aws" {
 }
 
 locals {
-  name = "ipam-vpc-example"
+  name        = "ipam-vpc-example"
+  ipv6_deploy = var.ipv6_pool_cidr != null && var.ipv6_pool_cidr_authorization_message != null && var.ipv6_pool_cidr_authorization_signature != null ? true : false
 }
 
 # IPAM Setup
@@ -15,6 +16,8 @@ resource "aws_vpc_ipam" "example" {
   }
 }
 
+# IPv4 Setup
+
 resource "aws_vpc_ipam_pool" "ipv4_example" {
   address_family                    = "ipv4"
   ipam_scope_id                     = aws_vpc_ipam.example.private_default_scope_id
@@ -27,8 +30,37 @@ resource "aws_vpc_ipam_pool_cidr" "ipv4_example" {
   cidr         = "172.2.0.0/16"
 }
 
+# IPv6 Setup
+
+resource "aws_vpc_ipam_pool" "ipv6_test_public" {
+  count = local.ipv6_deploy ? 1 : 0
+
+  address_family                    = "ipv6"
+  ipam_scope_id                     = aws_vpc_ipam.example.public_default_scope_id
+  locale                            = data.aws_region.current.name
+  description                       = "public ipv6"
+  publicly_advertisable             = false
+  aws_service                       = "ec2"
+  allocation_default_netmask_length = 56
+
+}
+
+resource "aws_vpc_ipam_pool_cidr" "ipv6_test_public" {
+  count = local.ipv6_deploy ? 1 : 0
+
+  ipam_pool_id = aws_vpc_ipam_pool.ipv6_test_public[0].id
+  cidr         = var.ipv6_pool_cidr
+  cidr_authorization_context {
+    message   = var.ipv6_pool_cidr_authorization_message
+    signature = var.ipv6_pool_cidr_authorization_signature
+  }
+}
+
+
 # Usage Patterns
 
+# IPv4 VPC Examples
+
 module "no_ipam_vpc_example" {
   source = "../.."
   name   = "no-ipam-${local.name}"
@@ -63,3 +95,43 @@ module "ipv4_ipam_default_netmask_vpc" {
     aws_vpc_ipam_pool_cidr.ipv4_example
   ]
 }
+
+# IPv6 VPC Examples
+
+module "ipv6_ipam_explicit_cidr_vpc" {
+  count = local.ipv6_deploy && var.ipv6_ipam_explicit_cidr != null ? 1 : 0
+
+  source            = "../.."
+  name              = "ipv6-explicit-cidr-${local.name}"
+  cidr              = "172.2.0.32/28"
+  ipv6_ipam_pool_id = aws_vpc_ipam_pool.ipv6_test_public[0].id
+  ipv6_cidr         = var.ipv6_ipam_explicit_cidr
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.ipv6_test_public
+  ]
+}
+
+module "ipv6_ipam_explicit_netmask_vpc" {
+  count = local.ipv6_deploy ? 1 : 0
+
+  source              = "../.."
+  name                = "ipv6-explicit-netmask-${local.name}"
+  cidr                = "172.2.0.32/28"
+  ipv6_ipam_pool_id   = aws_vpc_ipam_pool.ipv6_test_public[0].id
+  ipv6_netmask_length = 56
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.ipv6_test_public
+  ]
+}
+
+module "ipv6_ipam_default_netmask_vpc" {
+  count = local.ipv6_deploy ? 1 : 0
+
+  source            = "../.."
+  name              = "ipv6-default-netmask-${local.name}"
+  cidr              = "172.2.0.32/28"
+  ipv6_ipam_pool_id = aws_vpc_ipam_pool.ipv6_test_public[0].id
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.ipv6_test_public
+  ]
+}

examples/ipam-vpc/variables.tf

@@ -0,0 +1,23 @@
+variable "ipv6_pool_cidr" {
+  description = "value"
+  type        = string
+  default     = null
+}
+
+variable "ipv6_ipam_explicit_cidr" {
+  description = "value"
+  type        = string
+  default     = null
+}
+
+variable "ipv6_pool_cidr_authorization_signature" {
+  description = "value"
+  type        = string
+  default     = null
+}
+
+variable "ipv6_pool_cidr_authorization_message" {
+  description = "value"
+  type        = string
+  default     = null
+}

main.tf

@@ -34,7 +34,10 @@ resource "aws_vpc" "this" {
   enable_dns_support               = var.enable_dns_support
   enable_classiclink               = var.enable_classiclink
   enable_classiclink_dns_support   = var.enable_classiclink_dns_support
-  assign_generated_ipv6_cidr_block = var.enable_ipv6
+  assign_generated_ipv6_cidr_block = var.enable_ipv6 && var.ipv6_ipam_pool_id == "" ? true : null
+  ipv6_cidr_block                  = var.ipv6_cidr
+  ipv6_ipam_pool_id                = var.ipv6_ipam_pool_id
+  ipv6_netmask_length              = var.ipv6_netmask_length
 
   tags = merge(
     {

variables.tf

@@ -1186,3 +1186,21 @@ variable "ipv4_netmask_length" {
   type        = number
   default     = null
 }
+
+variable "ipv6_cidr" {
+  description = "(Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`."
+  type        = string
+  default     = null
+}
+
+variable "ipv6_ipam_pool_id" {
+  description = "(Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`."
+  type        = string
+  default     = null
+}
+
+variable "ipv6_netmask_length" {
+  description = "(Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`."
+  type        = number
+  default     = null
+}