Add initial support for IPv6 to the vpc module and add the subnet-ipv6 module

Author: Mike McGirr

modules/single-port-sg/main.tf

@@ -17,6 +17,12 @@ variable "cidr_blocks" {
   type        = list(string)
 }
 
+variable "ipv6_cidr_blocks" {
+  description = "List of IPv6 CIDR block ranges that the SG allows ingress from"
+  type        = list(string)
+  default     = []
+}
+
 variable "description" {
   description = "Use this string to add a description for the SG rule"
   type        = string
@@ -53,6 +59,7 @@ resource "aws_security_group_rule" "tcp_ingress" {
   to_port           = var.port
   protocol          = "tcp"
   cidr_blocks       = var.cidr_blocks
+  ipv6_cidr_blocks  = var.ipv6_cidr_blocks
   security_group_id = var.security_group_id
 }
 
@@ -65,5 +72,6 @@ resource "aws_security_group_rule" "udp_ingress" {
   to_port           = var.port
   protocol          = "udp"
   cidr_blocks       = var.cidr_blocks
+  ipv6_cidr_blocks  = var.ipv6_cidr_blocks
   security_group_id = var.security_group_id
 }

modules/subnet-ipv6/README.md

@@ -0,0 +1,6 @@
+## AWS Subnets
+
+This module creates one or more subnets, interleaving them across a list of
+availiability zones, supports `extra_tags`, and enabling/disabling public
+IPs by default. Use this module multiple times to create different sets of
+subnets for different purposes or characteristics.

modules/subnet-ipv6/main.tf

@@ -0,0 +1,22 @@
+/**
+ * ## AWS Subnet IPv6
+ * Creates a single IPv6 ready subnet
+ *
+ */
+
+resource "aws_subnet" "main" {
+  vpc_id            = var.vpc_id
+  cidr_block        = var.cidr_block
+  ipv6_cidr_block   = cidrsubnet(var.vpc_ipv6_cidr_block, var.ipv6_newbits, var.ipv6_netsum)
+  availability_zone = var.az
+
+  tags = merge(
+    {
+      "Name" = "${var.name_prefix}-${var.az}"
+    },
+    var.extra_tags,
+  )
+
+  map_public_ip_on_launch         = var.public
+  assign_ipv6_address_on_creation = true
+}

modules/subnet-ipv6/output.tf

@@ -0,0 +1,25 @@
+output "id" {
+  description = "The subnet id"
+  value       = aws_subnet.main.id
+}
+
+output "cidr_block" {
+  description = "The IPv4 CIDR block"
+  value       = aws_subnet.main.cidr_block
+}
+
+output "ipv6_cidr_block" {
+  description = "The IPv6 CIDR block"
+  value       = aws_subnet.main.ipv6_cidr_block
+}
+
+output "az" {
+  value       = aws_subnet.main.availability_zone
+  description = "The availability zones of the subnet"
+}
+
+output "vpc_id" {
+  description = "ID of the VPC the subnet is in"
+  value       = var.vpc_id
+}
+

modules/subnet-ipv6/variables.tf

@@ -0,0 +1,49 @@
+variable "name_prefix" {
+  description = "Name to prefix subnets with"
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "VPC ID where subnets will be created"
+  type        = string
+}
+
+variable "cidr_block" {
+  description = "The IPv4 CIDR block for the subnet"
+  type        = string
+}
+
+variable "az" {
+  description = "The Availaiblity Zones to create the subnet in"
+  type        = string
+}
+
+variable "extra_tags" {
+  default     = {}
+  description = "Extra tags that will be added to aws_subnet resources"
+  type        = map(string)
+}
+
+# default to creating a public subnet
+variable "public" {
+  default     = true
+  description = "Boolean, maps to the map_public_ip_on_launch variable"
+  type        = bool
+}
+
+variable "vpc_ipv6_cidr_block" {
+  description = "The IPv6 cidr block for the vpc"
+  type        = string
+}
+
+variable "ipv6_newbits" {
+  description = "The number of additional bits with which to extend the prefix"
+  type = number
+  default = 8
+}
+
+variable "ipv6_netsum" {
+  description = "a whole number that can be represented as a binary integer with no more than newbits binary digits"
+  type = number
+  default =  162
+}

modules/subnet-ipv6/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

modules/subnets/main.tf

@@ -18,7 +18,6 @@ resource "aws_subnet" "main" {
       "Name" = "${var.name_prefix}-${format("%02d", count.index + 1)}-${element(var.azs, count.index)}"
     },
     var.extra_tags,
-  )
+    )
   map_public_ip_on_launch = var.public
 }
-

modules/subnets/variables.tf

@@ -28,6 +28,23 @@ variable "extra_tags" {
 variable "public" {
   default     = true
   description = "Boolean, maps to the map_public_ip_on_launch variable"
-  type        = string # no boolean type...
+  type        = bool
 }
 
+variable "assign_ipv6_address_on_creation" {
+  description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false"
+  type        = bool
+  default     = false
+}
+
+variable "vpc_ipv6_cidr_block" {
+  description = "The possible ipv6 cidr block for the vpc"
+  type        = string
+  default     = ""
+}
+
+# variable "ipv6_cidr_blocks" {
+#   description = "The optional ipv6 cidr blocks for the subnet"
+#   type        = list(string)
+#   default     = []
+# }

modules/vpc/main.tf

@@ -16,6 +16,8 @@ resource "aws_vpc" "main" {
   enable_dns_hostnames = var.enable_dns_hostnames
   enable_dns_support   = var.enable_dns_support
 
+  assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block
+
   tags = merge(
     {
       "Name" = var.name_prefix

modules/vpc/outputs.tf

@@ -13,3 +13,10 @@ output "dhcp_options_id" {
   description = "ID of the DHCP options resource"
 }
 
+# It would be great if Terraform had an Option or Maybe type
+# Otherwise this will output an empty default value if the IPv6 option is not
+# set to true
+output "ipv6_cidr_block" {
+  value       =  (var.assign_generated_ipv6_cidr_block ? aws_vpc.main.ipv6_cidr_block : "")
+  description = "Optional IPv6 CIDR block output for the VPC"
+}