appvia · m13t · Apr 19, 2024 · Apr 19, 2024
diff --git a/README.md b/README.md
@@ -94,9 +94,13 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="input_exclude_route53_resolver_rules"></a> [exclude\_route53\_resolver\_rules](#input\_exclude\_route53\_resolver\_rules) | List of resolver rules to exclude from association | `list(string)` | `[]` | no |
 | <a name="input_ipam_pool_id"></a> [ipam\_pool\_id](#input\_ipam\_pool\_id) | An optional pool id to use for IPAM pool to use | `string` | `null` | no |
 | <a name="input_nat_gateway_mode"></a> [nat\_gateway\_mode](#input\_nat\_gateway\_mode) | The configuration mode of the NAT gateways | `string` | `"none"` | no |
+| <a name="input_private_subnet_assign_ipv6_cidr"></a> [private\_subnet\_assign\_ipv6\_cidr](#input\_private\_subnet\_assign\_ipv6\_cidr) | If enabled, assigns and IPv6 range to the subnet | `bool` | `null` | no |
+| <a name="input_public_subnet_assign_ipv6_cidr"></a> [public\_subnet\_assign\_ipv6\_cidr](#input\_public\_subnet\_assign\_ipv6\_cidr) | If enabled, assigns and IPv6 range to the subnet | `bool` | `null` | no |
 | <a name="input_public_subnet_netmask"></a> [public\_subnet\_netmask](#input\_public\_subnet\_netmask) | The netmask for the public subnets | `number` | `0` | no |
 | <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | If enabled, and not lookup is disabled, the transit gateway id to connect to | `string` | `""` | no |
 | <a name="input_transit_gateway_routes"></a> [transit\_gateway\_routes](#input\_transit\_gateway\_routes) | If enabled, this is the cidr block to route down the transit gateway | `map(string)` | <pre>{<br>  "private": "10.0.0.0/8"<br>}</pre> | no |
+| <a name="input_transit_gateway_subnet_assign_ipv6_cidr"></a> [transit\_gateway\_subnet\_assign\_ipv6\_cidr](#input\_transit\_gateway\_subnet\_assign\_ipv6\_cidr) | If enabled, assigns and IPv6 range to the subnet | `bool` | `null` | no |
+| <a name="input_vpc_assign_generated_ipv6_cidr_block"></a> [vpc\_assign\_generated\_ipv6\_cidr\_block](#input\_vpc\_assign\_generated\_ipv6\_cidr\_block) | If enabled, assigns an AWS owned IPv6 CIDR block to the VPC | `bool` | `null` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | An optional cidr block to assign to the VPC (if not using IPAM) | `string` | `null` | no |
 | <a name="input_vpc_instance_tenancy"></a> [vpc\_instance\_tenancy](#input\_vpc\_instance\_tenancy) | The name of the VPC to create | `string` | `"default"` | no |
 | <a name="input_vpc_netmask"></a> [vpc\_netmask](#input\_vpc\_netmask) | An optional range assigned to the VPC | `number` | `null` | no |

diff --git a/locals.tf b/locals.tf
@@ -5,12 +5,13 @@ locals {
   # The id for the transit_gateway_id passed into the module
   transit_gateway_id = var.enable_transit_gateway ? var.transit_gateway_id : null
   # Is the routes to propagate down the transit gateway 
-  transit_routes = var.enable_transit_gateway && length(var.transit_gateway_routes) > 0 ? var.transit_gateway_routes : null
+  transit_routes = var.enable_transit_gateway && length(var.transit_gateway_routes) > 0 ? var.transit_gateway_routes : {}
   # The configuration for the private subnets
   private_subnet = var.private_subnet_netmask > 0 ? {
     private = {
       connect_to_public_natgw = var.enable_nat_gateway ? true : false
       netmask                 = var.private_subnet_netmask
+      assign_ipv6_cidr        = var.private_subnet_assign_ipv6_cidr
       tags                    = var.tags
     }
   } : null
@@ -19,6 +20,7 @@ locals {
     public = {
       nat_gateway_configuration = var.nat_gateway_mode
       netmask                   = var.public_subnet_netmask
+      assign_ipv6_cidr          = var.public_subnet_assign_ipv6_cidr
       tags                      = var.tags
     }
   } : null
@@ -27,6 +29,7 @@ locals {
     transit_gateway = {
       connect_to_public_natgw                         = var.enable_transit_gateway_subnet_natgw
       netmask                                         = 28
+      assign_ipv6_cidr                                = var.transit_gateway_subnet_assign_ipv6_cidr
       tags                                            = var.tags
       transit_gateway_appliance_mode_support          = var.enable_transit_gateway_appliance_mode ? "enable" : "disable"
       transit_gateway_default_route_table_association = var.enable_default_route_table_association

diff --git a/main.tf b/main.tf
@@ -4,18 +4,19 @@ module "vpc" {
   source  = "aws-ia/vpc/aws"
   version = "4.4.2"
 
-  name                     = var.name
-  az_count                 = var.availability_zones
-  cidr_block               = var.vpc_cidr
-  subnets                  = local.subnets
-  tags                     = var.tags
-  transit_gateway_id       = local.transit_gateway_id
-  transit_gateway_routes   = local.transit_routes
-  vpc_instance_tenancy     = var.vpc_instance_tenancy
-  vpc_enable_dns_hostnames = true
-  vpc_enable_dns_support   = true
-  vpc_ipv4_ipam_pool_id    = var.enable_ipam ? var.ipam_pool_id : null
-  vpc_ipv4_netmask_length  = var.vpc_netmask
+  name                                 = var.name
+  az_count                             = var.availability_zones
+  cidr_block                           = var.vpc_cidr
+  subnets                              = local.subnets
+  tags                                 = var.tags
+  transit_gateway_id                   = local.transit_gateway_id
+  transit_gateway_routes               = local.transit_routes
+  vpc_instance_tenancy                 = var.vpc_instance_tenancy
+  vpc_enable_dns_hostnames             = true
+  vpc_enable_dns_support               = true
+  vpc_ipv4_ipam_pool_id                = var.enable_ipam ? var.ipam_pool_id : null
+  vpc_ipv4_netmask_length              = var.vpc_netmask
+  vpc_assign_generated_ipv6_cidr_block = var.vpc_assign_generated_ipv6_cidr_block
 }
 
 ## Associate any resolver rules with the vpc if required 

diff --git a/variables.tf b/variables.tf
@@ -108,12 +108,30 @@ variable "private_subnet_netmask" {
   }
 }
 
+variable "private_subnet_assign_ipv6_cidr" {
+  description = "If enabled, assigns and IPv6 range to the subnet"
+  type        = bool
+  default     = null
+}
+
 variable "public_subnet_netmask" {
   description = "The netmask for the public subnets"
   type        = number
   default     = 0
 }
 
+variable "public_subnet_assign_ipv6_cidr" {
+  description = "If enabled, assigns and IPv6 range to the subnet"
+  type        = bool
+  default     = null
+}
+
+variable "transit_gateway_subnet_assign_ipv6_cidr" {
+  description = "If enabled, assigns and IPv6 range to the subnet"
+  type        = bool
+  default     = null
+}
+
 variable "tags" {
   description = "Tags to apply to all resources"
   type        = map(string)
@@ -139,6 +157,12 @@ variable "vpc_cidr" {
   default     = null
 }
 
+variable "vpc_assign_generated_ipv6_cidr_block" {
+  description = "If enabled, assigns an AWS owned IPv6 CIDR block to the VPC"
+  type        = bool
+  default     = null
+}
+
 variable "vpc_netmask" {
   description = "An optional range assigned to the VPC"
   type        = number