Configuring IPAM Pools for IPv4 and IPv6 in the Same Module

[n0x29a]

We are currently facing an issue while trying to configure IPAM (IP Address Management) pools for both IPv4 and IPv6 within a single module. We have encountered errors that suggest mixing IPv4 and IPv6 scopes may not be supported. To help us resolve this issue, we kindly request your assistance in providing a basic example demonstrating how to successfully configure IPAM pools for both IPv4 and IPv6 within the same IPAM module.

Our objective is to create IPAM pools for both IPv4 and IPv6 addresses within a single IPAM module because, as per our understanding, AWS allows only one IPAM per Region to be used.

To clarify our request further, we are looking for a basic module usage example that illustrates how to configure the IPAM module to provide two separate scopes for IPv4 and IPv6 addresses.

Currently in examples we can see how to use IPv4 or IPv6. Maybe you could update the multiple scopes example to add IPv6 as well?

Thank you for your assistance.

[drewmullen]

Hi, thanks for opening this issue. IPAM uses several concepts that you can review here

If you are trying to manage ipv4 pools and ipv6 pools with this module then you would have 2 invocations of the module. The 1st invocation creates the ipam, default scopes, then pools for either ipv4 or 6. The 2nd invocation would not create ipam but would reference the scope from the 1st instantiation. You'd then create pool structures for the other type (ipv6 if your 1st was ipv4, etc). You can see an example of referencing an ipam created in another instantiation here: https://github.com/aws-ia/terraform-aws-ipam/blob/main/examples/multiple_scopes/main.tf#L58-L59

Hope this helps!

[drewmullen]

Hi @robodorm did this answer your question?

[drewmullen]

@robodorm I saw an email from your colleague. I maintain those resources in the provider so please feel free to open a feature request and tag me in it and I can take a look

[artem-collectai]

I gave it another try but it looks like this TF module supports only BYOIP IPv6 pools: top_cidr is a required argument, but if I provide it as an empty list, I get the following error:

[drewmullen]

ipv6 must be specified at the top level iirc

[artem-collectai]

Yes, we specified the address family (ignore the subpools configs):

module "this6" {
  source  = "registry.terraform.io/aws-ia/ipam/aws"
  version = "~> 2.0.0"

  top_netmask_length = 52

  ipam_scope_id   = module.this.ipam_info.public_default_scope_id
  ipam_scope_type = "public"

  create_ipam = false

  top_name       = "global ipam 6"
  address_family = "ipv6"

  pool_configurations = {
    corporate-eu6 = {
      locale = "eu-central-1"
      aws_service = "ec2"

      sub_pools = {
        sandbox = {
          name                 = "sandbox-dev-6"
          netmask_length       = 56
          ram_share_principals = [local.ou_sandbox]
          locale               = data.aws_region.current.name

          sub_pools = {
            eks-sandbox-6 = {
              netmask_length       = 64
              ram_share_principals = [local.ou_sandbox]
              locale               = data.aws_region.current.name
            }
          }
        }
      }
    }
  }
}

[drewmullen]

only BYOIP IPv6 pools

failed to read this. yes initially this was written for byoip. aws provided didnt exist at the time... i would have to think about how to use aws provided... might not be too hard.

can you please open a feature request and include your HCL example and then close this ticket

final note - once you specify locale you do not need to specify in nested /child pools :)

          sub_pools = {
            eks-sandbox-6 = {
              netmask_length       = 64
              ram_share_principals = [local.ou_sandbox]
            }

[n0x29a]

Many thanks for support!