feat: Add IPAM IPv6 support #718

Merged
merged 5 commits into from
Sep 26, 2022

drewmullen
Contributor

closes: #717
requires: #716 to be merged prior to merge

Description

Add the ability to specify IPAM parameters for allocating public IPv6 CIDRs to VPCs. I chose not to include logic for aws_vpc_ipv6_cidr_block_association because currently you can only have 1 IPv6 CIDR and that is solved by the new parameters included on aws_vpc.

Motivation and Context

AWS IPAM was released at re:Invent 2021

How Has This Been Tested?

  • I have tested and validated these changes using one or more of the provided examples/* projects

```sh
cd examples/ipam-vpc
# create terraform.tfvars file with values for `ipv6_pool_cidr`, `ipv6_ipam_explicit_cidr`, `ipv6_pool_cidr_authorization_message`, and `ipv6_pool_cidr_authorization_signature`
terraform apply
```

@github-actions

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions bot added the stale label Jan 11, 2022
@github-actions

This PR was automatically closed because of stale in 10 days

@github-actions github-actions bot closed this Jan 22, 2022
@tbugfinder
Contributor

@bryantbiggs What would be needed to get this PR reopened / discussed properly?

@bryantbiggs bryantbiggs reopened this Sep 9, 2022
@bryantbiggs bryantbiggs removed the stale label Sep 9, 2022
@bryantbiggs bryantbiggs changed the title Ipam ipv6 support feat: Add IPAM IPv6 support Sep 9, 2022

```hcl
use_ipam_pool       = true
ipv6_ipam_pool_id   = aws_vpc_ipam_pool.ipv6.id
ipv6_netmask_length = 56
```
Member

@drewmullen do you know what's up with this - if I set a netmask length of 56 I get

```
│ Error: error creating EC2 VPC: InvalidParameterValue: The allocation size is too big for the pool.
│ 	status code: 400, request id: be5c7702-a7f7-40ef-a6a8-25a2523a7fb6
│
│   with module.vpc_ipv6_ipam_set_netmask.aws_vpc.this[0],
│   on ../../main.tf line 20, in resource "aws_vpc" "this":
│   20: resource "aws_vpc" "this" {
```

And if I set anything other than a netmask length of 56 I get

```
│ Error: expected ipv6_netmask_length to be one of [56], got 60
│
│   with module.vpc_ipv6_ipam_set_netmask.aws_vpc.this[0],
│   on ../../main.tf line 30, in resource "aws_vpc" "this":
│   30:   ipv6_netmask_length              = var.ipv6_netmask_length
```

Contributor Author

@drewmullen drewmullen Sep 26, 2022

You have to provision an IPv6 into the pool using aws_vpc_ipam_pool_cidr for it to have a prefix to allocate. IPAM IPv6 is similar to how BYOIP worked prior to the service. Here are some test examples in the Terraform acceptance tests.

As you can see, those tests don't normally run during TF builds unless the account has an IP it is authorized to assume control of. You only run the tests if you have set variables: IPAM_BYOIP_IPV6_MESSAGE, IPAM_BYOIP_IPV6_SIGNATURE, IPAM_BYOIP_IPV6_PROVISIONED_CIDR
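
The provisioning step described in the reply above, as an added Terraform example (not code from this PR or the module): the pool only has a prefix to allocate once `aws_vpc_ipam_pool_cidr` provisions one. The three `ipv6_pool_cidr*` variable names come from the PR's testing notes; `region`, the `example` resource labels and the IPv4 range are assumptions.

```hcl
# Added example, not the module's code. "region" and the "example" labels are
# hypothetical; the ipv6_pool_cidr* names are the ones listed in the PR.
variable "region" { type = string } # must match the provider's region
variable "ipv6_pool_cidr" { type = string } # prefix the account is authorized to provision
variable "ipv6_pool_cidr_authorization_message" { type = string }
variable "ipv6_pool_cidr_authorization_signature" {
  type      = string
  sensitive = true # keep the signature out of plan output
}

resource "aws_vpc_ipam" "example" {
  operating_regions {
    region_name = var.region
  }
}

resource "aws_vpc_ipam_pool" "ipv6" {
  address_family        = "ipv6"
  ipam_scope_id         = aws_vpc_ipam.example.public_default_scope_id
  locale                = var.region
  publicly_advertisable = false
  aws_service           = "ec2" # lets the pool's space be allocated to VPCs
}

# Without this resource the pool is empty, and creating the VPC fails with
# "The allocation size is too big for the pool."
resource "aws_vpc_ipam_pool_cidr" "ipv6" {
  ipam_pool_id = aws_vpc_ipam_pool.ipv6.id
  cidr         = var.ipv6_pool_cidr

  cidr_authorization_context {
    message   = var.ipv6_pool_cidr_authorization_message
    signature = var.ipv6_pool_cidr_authorization_signature
  }
}

resource "aws_vpc" "example" {
  cidr_block          = "10.0.0.0/16" # constructed sample IPv4 range
  ipv6_ipam_pool_id   = aws_vpc_ipam_pool.ipv6.id
  ipv6_netmask_length = 56 # the only length the provider accepted in the error above

  # The VPC references the pool, not the provisioned CIDR, so the ordering
  # has to be stated explicitly.
  depends_on = [aws_vpc_ipam_pool_cidr.ipv6]
}
```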

Member

I'm dumb, I thought I read aws_vpc_ipam_pool_cidr was only valid for IPv4

Member

For now I have just commented out the IPv6 bits since they aren't valid in the example unless you have those 3 pieces of information. For some reason, I thought I had read that IPAM would vend you a /56 CIDR from the global pool when requested (similar to how VPC works with assigning an IPv6 CIDR when enabled).

Member

@bryantbiggs bryantbiggs left a comment

Thanks again @drewmullen - @antonbabenko your thoughts?

Member

@antonbabenko antonbabenko left a comment

LGTM

@bryantbiggs bryantbiggs merged commit 4fe7745 into terraform-aws-modules:master Sep 26, 2022
antonbabenko pushed a commit that referenced this pull request Sep 26, 2022
## [3.16.0](v3.15.0...v3.16.0) (2022-09-26)

### Features

* Add IPAM IPv6 support ([#718](#718)) ([4fe7745](4fe7745))
@antonbabenko
Member

This PR is included in version 3.16.0 🎉

@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 28, 2022
Development

Successfully merging this pull request may close these issues.

Add support for AWS IPAM VPCs - IPv6