terraform-aws-modules · dekimsey · Feb 14, 2019 · Feb 15, 2019 · Feb 21, 2019 · Mar 28, 2019
diff --git a/main.tf b/main.tf
@@ -69,6 +69,12 @@ resource "aws_internet_gateway" "this" {
   tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.igw_tags)}"
 }
 
+resource "aws_egress_only_internet_gateway" "this" {
+  count = "${var.enable_ipv6 && length(var.database_subnets) + length(var.private_subnets) > 0 ? 1 : 0}"
+
+  vpc_id = "${aws_vpc.this.id}"
+}
+
 ################
 # Publiс routes
 ################
@@ -92,6 +98,14 @@ resource "aws_route" "public_internet_gateway" {
   }
 }
 
+resource "aws_route" "public_internet_gateway_ipv6" {
+  count = "${var.enable_ipv6 && length(var.public_subnets) > 0 ? 1 : 0}"
+
+  route_table_id              = "${aws_route_table.public.id}"
+  destination_ipv6_cidr_block = "::/0"
+  gateway_id                  = "${aws_internet_gateway.this.id}"
+}
+
 #################
 # Private routes
 # There are so many routing tables as the largest amount of subnets of each type (really?)
@@ -144,6 +158,14 @@ resource "aws_route" "database_nat_gateway" {
   }
 }
 
+resource "aws_route" "database_ipv6_egress" {
+  count = "${var.enable_ipv6 ? length(var.database_subnets) : 0}"
+
+  route_table_id              = "${element(aws_route_table.database.*.id, count.index)}"
+  destination_ipv6_cidr_block = "::/0"
+  egress_only_gateway_id      = "${element(aws_egress_only_internet_gateway.this.*.id, 0)}"
+}
+
 #################
 # Redshift routes
 #################
@@ -183,10 +205,14 @@ resource "aws_route_table" "intra" {
 resource "aws_subnet" "public" {
   count = "${var.create_vpc && length(var.public_subnets) > 0 && (!var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0}"
 
-  vpc_id                  = "${local.vpc_id}"
-  cidr_block              = "${element(concat(var.public_subnets, list("")), count.index)}"
-  availability_zone       = "${element(var.azs, count.index)}"
-  map_public_ip_on_launch = "${var.map_public_ip_on_launch}"
+  vpc_id                          = "${local.vpc_id}"
+  cidr_block                      = "${element(concat(var.public_subnets, list("")), count.index)}"
+  availability_zone               = "${element(var.azs, count.index)}"
+  map_public_ip_on_launch         = "${var.map_public_ip_on_launch}"
+  assign_ipv6_address_on_creation = "${var.assign_ipv6_address_on_creation}"
+
+  # TODO: Does not unset, need null support or the like see: Terraform 0.12
+  ipv6_cidr_block = "${var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this.ipv6_cidr_block, 8, element(concat(var.public_subnet_ipv6_prefixes, list("0")), count.index)) : ""}"
 
   tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.public_subnet_tags)}"
 }
@@ -197,9 +223,13 @@ resource "aws_subnet" "public" {
 resource "aws_subnet" "private" {
   count = "${var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0}"
 
-  vpc_id            = "${local.vpc_id}"
-  cidr_block        = "${var.private_subnets[count.index]}"
-  availability_zone = "${element(var.azs, count.index)}"
+  vpc_id                          = "${local.vpc_id}"
+  cidr_block                      = "${var.private_subnets[count.index]}"
+  availability_zone               = "${element(var.azs, count.index)}"
+  assign_ipv6_address_on_creation = "${var.assign_ipv6_address_on_creation}"
+
+  # TODO: Does not unset, need null support or the like see: Terraform 0.12
+  ipv6_cidr_block = "${var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0  ? cidrsubnet(aws_vpc.this.ipv6_cidr_block, 8, element(coalescelist(var.private_subnet_ipv6_prefixes, list("0")), count.index)) : ""}"
 
   tags = "${merge(map("Name", format("%s-${var.private_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.private_subnet_tags)}"
 }
@@ -210,9 +240,13 @@ resource "aws_subnet" "private" {
 resource "aws_subnet" "database" {
   count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}"
 
-  vpc_id            = "${local.vpc_id}"
-  cidr_block        = "${var.database_subnets[count.index]}"
-  availability_zone = "${element(var.azs, count.index)}"
+  vpc_id                          = "${local.vpc_id}"
+  cidr_block                      = "${var.database_subnets[count.index]}"
+  availability_zone               = "${element(var.azs, count.index)}"
+  assign_ipv6_address_on_creation = "${var.assign_ipv6_address_on_creation}"
+
+  # TODO: Does not unset, need null support or the like see: Terraform 0.12
+  ipv6_cidr_block = "${var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this.ipv6_cidr_block, 8, element(concat(var.database_subnet_ipv6_prefixes, list("0")), count.index)) : ""}"
 
   tags = "${merge(map("Name", format("%s-${var.database_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.database_subnet_tags)}"
 }
@@ -281,6 +315,9 @@ resource "aws_subnet" "intra" {
   cidr_block        = "${var.intra_subnets[count.index]}"
   availability_zone = "${element(var.azs, count.index)}"
 
+  # TODO: Does not unset, need null support or the like see: Terraform 0.12
+  ipv6_cidr_block = "${var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this.ipv6_cidr_block, 8, element(concat(var.intra_subnet_ipv6_prefixes, list("0")), count.index)) : ""}"
+
   tags = "${merge(map("Name", format("%s-intra-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}"
 }
 
@@ -330,6 +367,14 @@ resource "aws_route" "private_nat_gateway" {
   }
 }
 
+resource "aws_route" "private_ipv6_egress" {
+  count = "${var.enable_ipv6 ? length(var.private_subnets) : 0}"
+
+  route_table_id              = "${element(aws_route_table.private.*.id, count.index)}"
+  destination_ipv6_cidr_block = "::/0"
+  egress_only_gateway_id      = "${aws_egress_only_internet_gateway.this.id}"
+}
+
 ######################
 # VPC Endpoint for S3
 ######################

diff --git a/outputs.tf b/outputs.tf
@@ -48,15 +48,15 @@ output "vpc_main_route_table_id" {
   value       = "${element(concat(aws_vpc.this.*.main_route_table_id, list("")), 0)}"
 }
 
-//output "vpc_ipv6_association_id" {
-//  description = "The association ID for the IPv6 CIDR block"
-//  value       = "${element(concat(aws_vpc.this.*.ipv6_association_id, list("")), 0)}"
-//}
-//
-//output "vpc_ipv6_cidr_block" {
-//  description = "The IPv6 CIDR block"
-//  value       = "${element(concat(aws_vpc.this.*.ipv6_cidr_block, list("")), 0)}"
-//}
+output "vpc_ipv6_association_id" {
+ description = "The association ID for the IPv6 CIDR block"
+ value       = "${element(concat(aws_vpc.this.*.ipv6_association_id, list("")), 0)}"
+}
+
+output "vpc_ipv6_cidr_block" {
+ description = "The IPv6 CIDR block"
+ value       = "${element(concat(aws_vpc.this.*.ipv6_cidr_block, list("")), 0)}"
+}
 
 output "vpc_secondary_cidr_blocks" {
   description = "List of secondary CIDR blocks of the VPC"
@@ -344,3 +344,28 @@ output "azs" {
   description = "A list of availability zones specified as argument to this module"
   value       = "${var.azs}"
 }
+
+output "ipv6_egress_only_igw_id" {
+  description = "The ID of the egress only Internet Gateway"
+  value       = "${element(concat(aws_egress_only_internet_gateway.this.*.id, list("")), 0)}"
+}
+
+output "public_subnets_ipv6_cidr_blocks" {
+  description = "List of ipv6 cidr_blocks of public subnets in an ipv6 enabled VPC"
+  value       = ["${aws_subnet.public.*.ipv6_cidr_block}"]
+}
+
+output "private_subnets_ipv6_cidr_blocks" {
+  description = "List of ipv6 cidr_blocks of private subnets in an ipv6 enabled VPC"
+  value       = ["${aws_subnet.private.*.ipv6_cidr_block}"]
+}
+
+output "database_subnets_ipv6_cidr_blocks" {
+  description = "List of ipv6 cidr_blocks of database subnets in an ipv6 enabled VPC"
+  value       = ["${aws_subnet.database.*.ipv6_cidr_block}"]
+}
+
+output "intra_subnets_ipv6_cidr_blocks" {
+  description = "List of ipv6 cidr_blocks of intra subnets in an ipv6 enabled VPC"
+  value       = ["${aws_subnet.intra.*.ipv6_cidr_block}"]
+}
diff --git a/variables.tf b/variables.tf
@@ -18,6 +18,40 @@ variable "assign_generated_ipv6_cidr_block" {
   default     = false
 }
 
+variable "enable_ipv6" {
+  description = "Assigns ipv6 subnets and routes"
+  default     = false
+}
+
+variable "private_subnet_ipv6_prefixes" {
+  description = "Assigns ipv6 subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding ipv4 subnet list"
+  default     = []
+  type        = "list"
+}
+
+variable "public_subnet_ipv6_prefixes" {
+  description = "Assigns ipv6 subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding ipv4 subnet list"
+  default     = []
+  type        = "list"
+}
+
+variable "database_subnet_ipv6_prefixes" {
+  description = "Assigns ipv6 subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding ipv4 subnet list"
+  default     = []
+  type        = "list"
+}
+
+variable "intra_subnet_ipv6_prefixes" {
+  description = "Assigns ipv6 subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding ipv4 subnet list"
+  default     = []
+  type        = "list"
+}
+
+variable "assign_ipv6_address_on_creation" {
+  description = "Assign ipv6 address on subnet, must be disabled to change ipv6 cidrs. This is the ipv6 equivalent of map_public_ip_on_launch"
+  default     = false
+}
+
 variable "secondary_cidr_blocks" {
   description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
   default     = []