Merges freight-hub/upstream-ipv6 (pull request #5)

Flaconi · Oct 28, 2021 · 572f818 · 572f818
2 parents f099186 + 1fd51d5
commit 572f818
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -246,6 +246,14 @@ Type: `string`
 
 Default: `"ipv4"`
 
+### <a name="input_ipv6_networking_enabled"></a> [ipv6\_networking\_enabled](#input\_ipv6\_networking\_enabled)
+
+Description: Do we configure IPv6 routing and ingress in the VPC
+
+Type: `bool`
+
+Default: `false`
+
 ### <a name="input_response_message_body"></a> [response\_message\_body](#input\_response\_message\_body)
 
 Description: The default response message body in case no rules have been met

diff --git a/main.tf b/main.tf
@@ -70,6 +70,18 @@ resource "aws_route" "public_internet_gateway" {
   }
 }
 
+resource "aws_route" "ipv6_internet_gateway" {
+  count = var.ipv6_networking_enabled ? 1 : 0
+
+  route_table_id              = aws_route_table.public.id
+  destination_ipv6_cidr_block = "::/0"
+  gateway_id                  = aws_internet_gateway.this.id
+
+  timeouts {
+    create = "5m"
+  }
+}
+
 resource "aws_internet_gateway" "this" {
   vpc_id = aws_vpc.this.id
 
@@ -88,16 +100,18 @@ resource "aws_security_group" "this" {
 
   ingress {
     # TLS (change to whatever ports you need)
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    from_port        = 443
+    to_port          = 443
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = var.ipv6_networking_enabled ? ["::/0"] : []
   }
   ingress {
-    from_port   = 80
-    to_port     = 80
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    from_port        = 80
+    to_port          = 80
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = var.ipv6_networking_enabled ? ["::/0"] : []
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -50,6 +50,12 @@ variable "lb_ip_address_type" {
   description = "The `ip_address_type` of the LB, either 'ipv4' or 'dualstack' in case ipv6 needs to be supported as well"
 }
 
+variable "ipv6_networking_enabled" {
+  type        = bool
+  default     = false
+  description = "Do we configure IPv6 routing and ingress in the VPC"
+}
+
 variable "response_message_body" {
   type        = string
   default     = "No match"