JudeQuintana/terraform-aws-ipv6-intra-vpc-security-group-rule

IPv6 Intra VPC Security Group Rule Description

The IPv6 Intra VPC Security Group Rule module creates a security group rule for each Tiered VPC that allows inbound-only traffic on the given ports from all other VPC networks (excluding its own).

v1.0.1

  • support for ipv6 secondary cidrs
  • moar validation

```hcl
module "ipv6_intra_vpc_security_group_rules" {
  source  = "JudeQuintana/ipv6-intra-vpc-security-group-rule/aws"
  version = "1.0.1"
  # ..
}
```

v1.0.0

  • New Dual Stack Networking Trifecta Demo
  • Similar declaration to Intra VPC Security Group Rules modules but this only supports IPv6
  • important to keep IPv6 SG rules as a separate module from IPv4

v1.0.0 example:

```hcl
locals {
  ipv6_intra_vpc_security_group_rules = [
    {
      label     = "ssh6"
      protocol  = "tcp"
      from_port = 22
      to_port   = 22
    },
    {
      label     = "ping6"
      protocol  = "icmpv6"
      from_port = -1
      to_port   = -1
    }
  ]
}

# Allowing IPv6 SSH and ping communication across all VPCs
module "ipv6_intra_vpc_security_group_rules" {
  source  = "JudeQuintana/ipv6-intra-vpc-security-group-rule/aws"
  version = "1.0.0"

  for_each = { for r in local.ipv6_intra_vpc_security_group_rules : r.label => r }

  env_prefix       = var.env_prefix
  region_az_labels = var.region_az_labels
  ipv6_intra_vpc_security_group_rule = {
    rule = each.value
    vpcs = module.vpcs
  }
}
```
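To make "all other VPC networks (excluding itself)" concrete, the following added example (not the module's own source) computes, for three constructed VPCs, the IPv6 source ranges each VPC's inbound rule would carry, and fails the plan if any list contains `::/0` or the VPC's own ranges. The VPC names and CIDRs are made up, and only the two CIDR fields of the `vpcs` input are modeled; each resulting list is what would be passed to `ipv6_cidr_blocks` on an ingress `aws_security_group_rule`.

```hcl
# Added illustration; all names and CIDRs below are constructed sample values.
locals {
  # Subset of the fields in the module's `vpcs` input, keyed by VPC name.
  vpcs = {
    app = {
      ipv6_network_cidr    = "2001:db8:a00::/56"
      ipv6_secondary_cidrs = ["2001:db8:a01::/56"]
    }
    cicd = {
      ipv6_network_cidr    = "2001:db8:b00::/56"
      ipv6_secondary_cidrs = []
    }
    general = {
      ipv6_network_cidr    = "2001:db8:c00::/56"
      ipv6_secondary_cidrs = []
    }
  }

  # Every IPv6 range a VPC owns: primary first, then any secondaries.
  own_cidrs = {
    for name, vpc in local.vpcs :
    name => concat([vpc.ipv6_network_cidr], vpc.ipv6_secondary_cidrs)
  }

  # Allowed inbound sources per VPC: the ranges of every other VPC.
  peer_cidrs = {
    for name in keys(local.vpcs) : name => sort(flatten([
      for other, cidrs in local.own_cidrs : cidrs if other != name
    ]))
  }
}

output "peer_ipv6_cidrs" {
  value = local.peer_cidrs

  # Guardrail: a cross-VPC rule must never open the group to the whole internet.
  precondition {
    condition     = alltrue([for cidrs in values(local.peer_cidrs) : !contains(cidrs, "::/0")])
    error_message = "An inbound source list contains ::/0."
  }

  # Guardrail: a VPC's own ranges must not appear in its own rule.
  precondition {
    condition = alltrue([for name, cidrs in local.peer_cidrs :
    length(setintersection(toset(cidrs), toset(local.own_cidrs[name]))) == 0])
    error_message = "A VPC lists one of its own IPv6 CIDRs as an inbound source."
  }
}
```

Because it uses only locals and an output, `terraform plan` evaluates it without a provider or AWS credentials.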

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.3 |
| aws | >=5.61 |

Providers

| Name | Version |
|------|---------|
| aws | >=5.61 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_security_group_rule.this | resource |
| aws_caller_identity.this | data source |
| aws_region.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| env_prefix | prod, stage, test | string | n/a | yes |
| ipv6_intra_vpc_security_group_rule | intra vpc security group rule configuration | object (definition below) | n/a | yes |
| region_az_labels | Region and AZ names mapped to short naming conventions for labeling | map(string) | n/a | yes |

Type of ipv6_intra_vpc_security_group_rule:

```hcl
object({
  # security rule object to allow inbound across vpcs intra-vpc security group
  rule = object({
    label     = string
    protocol  = string
    from_port = number
    to_port   = number
  })
  # map of tiered_vpc_ng objects
  vpcs = map(object({
    id                          = string
    intra_vpc_security_group_id = string
    name                        = string
    ipv6_network_cidr           = string
    ipv6_secondary_cidrs        = list(string)
    region                      = string
    account_id                  = string
  }))
})
```

Outputs

| Name | Description |
|------|-------------|
| account_id | n/a |
| region | n/a |
| rule | n/a |
| vpcs | n/a |
