ipv6 parameters for vpc

Author: drewmullen

README.md

@@ -456,6 +456,9 @@ No modules.
 | <a name="input_intra_subnets"></a> [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no |
 | <a name="input_ipv4_ipam_pool_id"></a> [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. | `string` | `null` | no |
 | <a name="input_ipv4_netmask_length"></a> [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4\_ipam\_pool\_id. | `number` | `null` | no |
+| <a name="input_ipv6_cidr"></a> [ipv6\_cidr](#input\_ipv6\_cidr) | (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`. | `string` | `null` | no |
+| <a name="input_ipv6_ipam_pool_id"></a> [ipv6\_ipam\_pool\_id](#input\_ipv6\_ipam\_pool\_id) | (Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`. | `string` | `null` | no |
+| <a name="input_ipv6_netmask_length"></a> [ipv6\_netmask\_length](#input\_ipv6\_netmask\_length) | (Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`. | `number` | `null` | no |
 | <a name="input_manage_default_network_acl"></a> [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no |
 | <a name="input_manage_default_route_table"></a> [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `false` | no |
 | <a name="input_manage_default_security_group"></a> [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no |

examples/ipam-vpc/README.md

@@ -11,7 +11,7 @@ To run this example you need to execute:
 ```bash
 $ terraform init
 $ terraform plan
-$ terraform apply -target=aws_vpc_ipam_preview_next_cidr.this # CIDR pool must exist before assigning CIDR from pool
+$ terraform apply -target=aws_vpc_ipam_preview_next_cidr.this -target=aws_vpc_ipam_preview_next_cidr.ipv6 # CIDR pool must exist before assigning CIDR from pool
 $ terraform apply
 ```
 
@@ -44,15 +44,19 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 |------|--------|---------|
 | <a name="module_vpc_ipam_set_cidr"></a> [vpc\_ipam\_set\_cidr](#module\_vpc\_ipam\_set\_cidr) | ../.. | n/a |
 | <a name="module_vpc_ipam_set_netmask"></a> [vpc\_ipam\_set\_netmask](#module\_vpc\_ipam\_set\_netmask) | ../.. | n/a |
+| <a name="module_vpc_ipv6_ipam_set_netmask"></a> [vpc\_ipv6\_ipam\_set\_netmask](#module\_vpc\_ipv6\_ipam\_set\_netmask) | ../.. | n/a |
 | <a name="module_vpc_without_ipam"></a> [vpc\_without\_ipam](#module\_vpc\_without\_ipam) | ../.. | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_vpc_ipam.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource |
+| [aws_vpc_ipam_pool.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |
 | [aws_vpc_ipam_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |
+| [aws_vpc_ipam_pool_cidr.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource |
 | [aws_vpc_ipam_pool_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource |
+| [aws_vpc_ipam_preview_next_cidr.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_preview_next_cidr) | resource |
 | [aws_vpc_ipam_preview_next_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_preview_next_cidr) | resource |
 
 ## Inputs

examples/ipam-vpc/main.tf

@@ -6,8 +6,9 @@ locals {
   name   = "ex-${replace(basename(path.cwd), "_", "-")}"
   region = "eu-west-1"
 
-  azs               = ["${local.region}a", "${local.region}b", "${local.region}c"]
-  preview_partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.this.cidr, 2, 2)
+  azs                    = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  preview_partition      = cidrsubnets(aws_vpc_ipam_preview_next_cidr.this.cidr, 2, 2, 2)
+  ipv6_preview_partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.ipv6.cidr, 2, 2, 2)
 
   tags = {
     Example    = local.name
@@ -20,6 +21,7 @@ locals {
 # VPC Module
 ################################################################################
 
+# IPv4
 module "vpc_without_ipam" {
   source = "../.."
 
@@ -60,7 +62,6 @@ module "vpc_ipam_set_netmask" {
   ipv4_netmask_length = 28
   azs                 = local.azs
 
-
   private_subnets = cidrsubnets(local.preview_partition[0], 2, 2, 2)
   public_subnets  = cidrsubnets(local.preview_partition[1], 2, 2, 2)
 
@@ -71,6 +72,26 @@ module "vpc_ipam_set_netmask" {
   ]
 }
 
+# IPv6
+module "vpc_ipv6_ipam_set_netmask" {
+  source = "../.."
+
+  name = "${local.name}-ipv6-set-netmask"
+
+  ipv6_ipam_pool_id   = aws_vpc_ipam_pool.ipv6.id
+  ipv6_netmask_length = 60
+  azs                 = local.azs
+
+  private_subnets = cidrsubnets(local.ipv6_preview_partition[0], 2, 2, 2)
+  public_subnets  = cidrsubnets(local.ipv6_preview_partition[1], 2, 2, 2)
+
+  tags = local.tags
+
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.ipv6
+  ]
+}
+
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -115,3 +136,22 @@ resource "aws_vpc_ipam_preview_next_cidr" "this" {
     aws_vpc_ipam_pool_cidr.this
   ]
 }
+
+resource "aws_vpc_ipam_pool" "ipv6" {
+  address_family                    = "ipv6"
+  ipam_scope_id                     = aws_vpc_ipam.this.private_default_scope_id
+  locale                            = local.region
+  allocation_default_netmask_length = 56
+}
+
+resource "aws_vpc_ipam_pool_cidr" "ipv6" {
+  ipam_pool_id = aws_vpc_ipam_pool.ipv6.id
+}
+
+resource "aws_vpc_ipam_preview_next_cidr" "ipv6" {
+  ipam_pool_id = aws_vpc_ipam_pool.ipv6.id
+
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.ipv6
+  ]
+}

main.tf

@@ -24,12 +24,16 @@ resource "aws_vpc" "this" {
   ipv4_ipam_pool_id   = var.ipv4_ipam_pool_id
   ipv4_netmask_length = var.ipv4_netmask_length
 
-  instance_tenancy                 = var.instance_tenancy
-  enable_dns_hostnames             = var.enable_dns_hostnames
-  enable_dns_support               = var.enable_dns_support
-  enable_classiclink               = null # https://github.com/hashicorp/terraform/issues/31730
-  enable_classiclink_dns_support   = null # https://github.com/hashicorp/terraform/issues/31730
-  assign_generated_ipv6_cidr_block = var.enable_ipv6
+  instance_tenancy               = var.instance_tenancy
+  enable_dns_hostnames           = var.enable_dns_hostnames
+  enable_dns_support             = var.enable_dns_support
+  enable_classiclink             = null # https://github.com/hashicorp/terraform/issues/31730
+  enable_classiclink_dns_support = null # https://github.com/hashicorp/terraform/issues/31730
+
+  assign_generated_ipv6_cidr_block = var.enable_ipv6 && var.ipv6_ipam_pool_id == "" ? true : null
+  ipv6_cidr_block                  = var.ipv6_cidr
+  ipv6_ipam_pool_id                = var.ipv6_ipam_pool_id
+  ipv6_netmask_length              = var.ipv6_netmask_length
 
   tags = merge(
     { "Name" = var.name },

variables.tf

@@ -1202,6 +1202,24 @@ variable "ipv4_netmask_length" {
   default     = null
 }
 
+variable "ipv6_cidr" {
+  description = "(Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`."
+  type        = string
+  default     = null
+}
+
+variable "ipv6_ipam_pool_id" {
+  description = "(Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`."
+  type        = string
+  default     = null
+}
+
+variable "ipv6_netmask_length" {
+  description = "(Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`."
+  type        = number
+  default     = null
+}
+
 variable "putin_khuylo" {
   description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
   type        = bool