allow for disabling IPv6 selectively

Signed-off-by: John Seekins <[email protected]>
cloudposse · Dec 5, 2024 · bb17b01 · bb17b01
1 parent 6afa462
commit bb17b01
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
@@ -148,7 +148,8 @@ module "subnets" {
   ipv4_cidr_block                 = [module.vpc.vpc_cidr_block]
   ipv4_cidrs                      = var.ipv4_cidrs
   ipv6_enabled                    = length(local.vpc_ipv6_cidr_blocks) > 0
-  ipv6_cidrs                      = local.vpc_ipv6_cidr_blocks
+  disable_private_ipv6            = var.disable_private_ipv6
+  disable_public_ipv6             = var.disable_public_ipv6
   igw_id                          = var.public_subnets_enabled ? [module.vpc.igw_id] : []
   map_public_ip_on_launch         = var.map_public_ip_on_launch
   max_subnet_count                = local.max_subnet_count

diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
@@ -89,6 +89,18 @@ variable "ipv4_cidrs" {
   }
 }
 
+variable "disable_private_ipv6" {
+  type        = bool
+  default     = false
+  description = "Allow for selectively disabling IPv6 addresses in private subnets only"
+}
+
+variable "disable_private_ipv6" {
+  type        = bool
+  default     = false
+  description = "Allow for selectively disabling IPv6 addresses in public subnets only"
+}
+
 variable "assign_generated_ipv6_cidr_block" {
   type        = bool
   description = "When `true`, assign AWS generated IPv6 CIDR block to the VPC.  Conflicts with `ipv6_ipam_pool_id`."