From 506c42797434e10427c4e6915622cfc5ea5b45ab Mon Sep 17 00:00:00 2001
From: Ra'Jiska
Date: Wed, 22 Nov 2023 17:52:34 +0800
Subject: [PATCH] IPv6 Variable + Removal NAT64 specifics
---
 ec2.tf | 5 -----
 main.tf | 6 +++---
 templates/user_data.sh | 4 ----
 variables.tf | 20 ++------------------
 4 files changed, 5 insertions(+), 30 deletions(-)
diff --git a/ec2.tf b/ec2.tf
index 46de553..23aa6e5 100644
--- a/ec2.tf
+++ b/ec2.tf
@@ -56,7 +56,6 @@ resource "aws_launch_template" "main" {
 subnet_id = var.subnet_id
 associate_public_ip_address = true
 security_groups = [aws_security_group.main.id]
- ipv6_address_count = var.use_nat64 ? 1 : null
 }
 dynamic "instance_market_options" {
@@ -84,10 +83,6 @@ resource "aws_launch_template" "main" {
 TERRAFORM_EIP_ID = length(var.eip_allocation_ids) != 0 ? var.eip_allocation_ids[0] : ""
 TERRAFORM_CWAGENT_ENABLED = var.use_cloudwatch_agent ? "true" : ""
 TERRAFORM_CWAGENT_CFG_PARAM_NAME = local.cwagent_param_name != null ? local.cwagent_param_name : ""
- TERRAFORM_NAT64_ENABLED = var.use_nat64 ? "true" : ""
- TERRAFORM_NAT64_IPV4_ADDR = var.use_nat64 ? var.nat64_configuration.tayga_ipv4_addr : ""
- TERRAFORM_NAT64_IPV6_ADDR = var.use_nat64 ? var.nat64_configuration.tayga_ipv6_addr : ""
- TERRAFORM_NAT64_DYNAMIC_POOL = var.use_nat64 ? var.nat64_configuration.tayga_dynamic_pool : ""
 }))
 tags = var.tags
diff --git a/main.tf b/main.tf
index 6d4ad0a..032c2b6 100644
--- a/main.tf
+++ b/main.tf
@@ -23,7 +23,7 @@ resource "aws_security_group" "main" {
 to_port = 0
 protocol = "-1"
 cidr_blocks = ["${data.aws_vpc.main.cidr_block}"]
- ipv6_cidr_blocks = var.use_nat64 ? ["${data.aws_vpc.main.ipv6_cidr_block}"] : null
+ ipv6_cidr_blocks = var.use_ipv6 ? ["${data.aws_vpc.main.ipv6_cidr_block}"] : null
 }
 egress {
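Review bot: In the main.tf security-group hunk, the new `ipv6_cidr_blocks` line trusts `var.use_ipv6` without checking that the VPC actually has an IPv6 CIDR associated; if `data.aws_vpc.main.ipv6_cidr_block` comes back empty (presumably the case for an IPv4-only VPC), the rule receives an invalid entry and the mistake surfaces only as a provider error at apply time. A `lifecycle` precondition on the resource would fail early with a clear message, with a condition such as `condition = !var.use_ipv6 || try(length(data.aws_vpc.main.ipv6_cidr_block) > 0, false)`. The rule uses protocol `"-1"`, so the flag admits every protocol from the whole VPC IPv6 range, which is worth stating in a comment next to the line. The interpolation-only form can also be written directly as `[data.aws_vpc.main.ipv6_cidr_block]`. The rule block opens before the hunk starts, so its direction and `from_port` are not visible here.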
@@ -45,7 +45,7 @@ resource "aws_network_interface" "main" {
 subnet_id = var.subnet_id
 security_groups = [aws_security_group.main.id]
 source_dest_check = false
- ipv6_address_count = var.use_nat64 ? 1 : null
+ ipv6_address_count = var.use_ipv6 ? 1 : null
 tags = merge(var.tags, {
 Name = var.name
@@ -61,7 +61,7 @@ resource "aws_route" "main" {
 }
 resource "aws_route" "main_ipv6" {
- count = var.update_route_table && var.use_nat64 ? 1 : 0
+ count = var.update_route_table && var.use_ipv6 ? 1 : 0
 route_table_id = var.route_table_id
 destination_ipv6_cidr_block = "64:ff9b::/96"
diff --git a/templates/user_data.sh b/templates/user_data.sh
index e10a56a..f5792f3 100644
--- a/templates/user_data.sh
+++ b/templates/user_data.sh
@@ -4,9 +4,5 @@
 echo "eni_id=${TERRAFORM_ENI_ID}" >> /etc/fck-nat.conf
 echo "eip_id=${TERRAFORM_EIP_ID}" >> /etc/fck-nat.conf
 echo "cwagent_enabled=${TERRAFORM_CWAGENT_ENABLED}" >> /etc/fck-nat.conf
-echo "nat64_enabled=${TERRAFORM_NAT64_ENABLED}" >> /etc/fck-nat.conf
-echo "nat64_ipv4_addr=${TERRAFORM_NAT64_IPV4_ADDR}" >> /etc/fck-nat.conf
-echo "nat64_ipv6_addr=${TERRAFORM_NAT64_IPV6_ADDR}" >> /etc/fck-nat.conf
-echo "nat64_ipv4_dynamic_pool=${TERRAFORM_NAT64_DYNAMIC_POOL}" >> /etc/fck-nat.conf
 service fck-nat restart
diff --git a/variables.tf b/variables.tf
index 155829c..9d63677 100644
--- a/variables.tf
+++ b/variables.tf
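Review bot: In the `aws_route.main_ipv6` hunk, the route for `64:ff9b::/96` is now created whenever `var.update_route_table` and `var.use_ipv6` are true, yet that prefix is the NAT64 well-known prefix (RFC 6052) and this same commit removes the NAT64 settings from the launch template and from user_data.sh. With the generic flag, the route table steers that traffic to the NAT instance (presumably the ENI from the previous hunk, which has `source_dest_check = false`) whether or not anything on the instance translates it, so it is either dropped or handled by whatever IPv6 forwarding the image happens to enable. Consider gating this route on a NAT64-specific input, or at least add a comment above `count` such as `# 64:ff9b::/96 is the NAT64 well-known prefix; this route assumes the instance image performs NAT64`. The resource body continues past the end of the hunk, so the route target is not visible here.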
@@ -99,28 +99,12 @@ variable "cloudwatch_agent_configuration_param_arn" {
 default = null
 }
-variable "use_nat64" {
- description = "Whether or not to enable NAT64 on the NAT instance. Your VPC and at least the public subnet this NAT instance is deployed into must support IPv6"
+variable "use_ipv6" {
+ description = "Whether or not to enable IPv6 support for the NAT instance. Requires VPC and subnets to support IPv6. Required for NAT64"
 type = bool
 default = false
 }
-variable "nat64_configuration" {
- description = "NAT64 configuration for the NAT instance through TAYGA"
- type = object({
- tayga_ipv4_addr = optional(string, "192.168.255.1"),
- tayga_ipv6_addr = optional(string, "2001:db8:1::2"),
- tayga_dynamic_pool = optional(string, "192.168.0.0/16"),
- })
- default = {
- default = {
- tayga_ipv4_addr = "192.168.255.1",
- tayga_ipv6_addr = "2001:db8:1::2",
- tayga_dynamic_pool = "192.168.0.0/16"
- }
- }
-}
-
 variable "tags" {
 description = "Tags to apply to resources created within the module"
 type = map(string)
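Review bot: The new `use_ipv6` description does not tell a caller what the flag changes: going by the main.tf hunks, it assigns an IPv6 address to the ENI, adds the VPC IPv6 CIDR to an all-protocol security-group rule, and (with `update_route_table`) installs the `64:ff9b::/96` route. Someone enabling "IPv6 support" should be able to see from the variable that it widens the security group and touches the route table, for example `description = "Assigns an IPv6 address to the NAT instance ENI, allows traffic from the VPC IPv6 CIDR in the security group and, with update_route_table, routes 64:ff9b::/96 to the instance. Requires an IPv6-enabled VPC and subnet."`. Because `use_nat64` and `nat64_configuration` are removed outright rather than deprecated, existing callers will hit an unsupported-argument error on upgrade, which deserves an upgrade note.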