codeenigma · gregharvey · Sep 29, 2022 · Sep 27, 2022 · Sep 28, 2022 · Sep 28, 2022
diff --git a/roles/aws/aws_vpc/defaults/main.yml b/roles/aws/aws_vpc/defaults/main.yml
@@ -3,6 +3,7 @@ aws_vpc:
   region: "{{ _aws_region }}"
   name: example-vpc-2
   cidr_block: "10.0.0.0/16"
+  ipv6_cidr: false # set to true to request an Amazon-provided IPv6 CIDR block with /56 prefix length.
   tags: {}
     #Type: "util"
   state: present

diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml
@@ -3,6 +3,7 @@
     profile: "{{ aws_vpc.aws_profile }}"
     name: "{{ aws_vpc.name }}"
     cidr_block: "{{ aws_vpc.cidr_block }}"
+    ipv6_cidr: "{{ aws_vpc.ipv6_cidr }}"
     region: "{{ aws_vpc.region }}"
     tags: "{{ aws_vpc.tags }}"
     state: "{{ aws_vpc.state }}"
@@ -47,3 +48,20 @@
       routes:
         - dest: 0.0.0.0/0
           gateway_id: "{{ _aws_vpc_gateway.gateway_id }}"
+  when: _aws_vpc_vpc.vpc.ipv6_cidr_block_association_set is not defined
+
+- name: Update Main route table, including IPv6.
+  ansible.builtin.include_role:
+    name: aws/aws_vpc_route
+  vars:
+    aws_vpc_route:
+      aws_profile: "{{ aws_vpc.aws_profile }}"
+      region: "{{ aws_vpc.region }}"
+      vpc_id: "{{ _aws_vpc_vpc.vpc.id }}"
+      tags: "{{ aws_vpc.tags }}"
+      routes:
+        - dest: 0.0.0.0/0
+          gateway_id: "{{ _aws_vpc_gateway.gateway_id }}"
+        - dest: "::/0"
+          gateway_id: "{{ _aws_vpc_gateway.gateway_id }}"
+  when: _aws_vpc_vpc.vpc.ipv6_cidr_block_association_set is defined
diff --git a/roles/aws/aws_vpc_route/tasks/route.yml b/roles/aws/aws_vpc_route/tasks/route.yml
@@ -3,7 +3,7 @@
 - name: Normalize route.
   set_fact:
     _aws_vpc_route_route:
-      dest: "{{ route.destination_cidr_block }}"
+      dest: "{{ route.destination_ipv6_cidr_block if route.destination_ipv6_cidr_block is defined else route.destination_cidr_block }}"
       gateway_id: "{{ route.gateway_id | default(omit) }}"
       nat_gateway_id: "{{ route.nat_gateway_id | default(omit) }}"
       network_interface_id: "{{ route.network_interface_id | default(omit) }}"

diff --git a/roles/aws/aws_vpc_subnet/defaults/main.yml b/roles/aws/aws_vpc_subnet/defaults/main.yml
@@ -5,8 +5,9 @@ aws_vpc_subnet:
   region: "{{ _aws_region }}"
   subnets:
     - cidr_block: "10.0.0.0/24"
+      # ipv6_cidr_block: "1" # This will create something like xxxx:xxxx:xxxx:xxyy::/64 where yy is created using the ipsubnet filter automatically - DO NOT DEFINE IF IPV6 IS NOT REQUIRED
       az: b
-      assign_instances_ipv6: false
+      assign_instances_ipv6: false # if true, need to specify an ipv6_cidr_block value.
       # A NAT gateway to associate with the subnets.
       # @todo IPV6
       nat_ipv4: false

diff --git a/roles/aws/aws_vpc_subnet/tasks/subnet.yml b/roles/aws/aws_vpc_subnet/tasks/subnet.yml
@@ -1,7 +1,26 @@
+- name: Print out VPC info.
+  ansible.builtin.debug:
+    msg: "{{ _aws_vpc_subnet_vpc }}"
+
+- name: Set IPv6 subnet CIDR.
+  set_fact:
+    _ipv6_subnet_cidr: "{{ _aws_vpc_subnet_vpc.vpcs[0].ipv6_cidr_block_association_set[0].ipv6_cidr_block | ipsubnet(64, subnet.ipv6_cidr_block) }}"
+  when:
+    - subnet.ipv6_cidr_block is defined
+    - subnet.ipv6_cidr_block | length > 0
+
+- name: Print out IPv6 subnet CIDR for debugging.
+  ansible.builtin.debug:
+    msg: "{{ _ipv6_subnet_cidr }}"
+  when:
+    - subnet.ipv6_cidr_block is defined
+    - subnet.ipv6_cidr_block | length > 0
+
 - name: Create VPC subnet.
   ec2_vpc_subnet:
     profile: "{{ aws_vpc_subnet.aws_profile }}"
     cidr: "{{ subnet.cidr_block }}"
+    ipv6_cidr: "{{ _ipv6_subnet_cidr if subnet.ipv6_cidr_block is defined and subnet.ipv6_cidr_block | length > 0 else '' }}"
     region: "{{ aws_vpc_subnet.region }}"
     tags: "{{ aws_vpc_subnet.tags | combine( { 'Name': subnet.name } ) }}"
     az: "{{ aws_vpc_subnet.region }}{{ subnet.az }}"