Open gwvandesteeg opened 3 years ago
Support for an aws_vpc_ipv6_cidr_block_association resource is also mentioned here.
See #8876 for partial fix to this.
Related #21998
Need to scope the effort to finish BYOIP.
You can achieve this by using Terraform to provision a CloudFormation stack with an AWS::EC2::VPCCidrBlock resource, e.g.
resource "aws_cloudformation_stack" "ipv6" {
  name = "terraform-cf"

  # local.ipv6_cidr, local.ipv6_pool_id and local.vpc_id are defined elsewhere
  # in the configuration.
  parameters = {
    IPv6Cidr   = local.ipv6_cidr    # IPv6 block to associate, taken from the BYOIP pool
    IPv6Poolid = local.ipv6_pool_id # ID of the IPv6 address pool the block belongs to
    VpcId      = local.vpc_id       # VPC the block is attached to
  }

  # Indented heredoc (<<-) so the JSON template can be indented with the resource.
  template_body = <<-STACK
    {
      "Parameters": {
        "IPv6Cidr": {
          "Type": "String",
          "Description": "Enter the IPv6 CIDR block for the VPC."
        },
        "IPv6Poolid": {
          "Type": "String",
          "Description": "Enter the IPv6 Pool ID for the CIDR block."
        },
        "VpcId": {
          "Type": "String",
          "Description": "Enter the VPC ID."
        }
      },
      "Resources": {
        "myVpc": {
          "Type": "AWS::EC2::VPCCidrBlock",
          "Properties": {
            "Ipv6CidrBlock": { "Ref": "IPv6Cidr" },
            "Ipv6Pool":      { "Ref": "IPv6Poolid" },
            "VpcId":         { "Ref": "VpcId" }
          }
        }
      }
    }
  STACK
}
Then ensure you include a depends_on reference to this resource in your aws_subnet resources.
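As an added example (not the commenter's code and not part of the AWS provider), here is the workaround above wired end to end: the stack exports the association ID, and the subnets carve /64s out of the associated block and depend on the stack so they cannot be created before the association exists. The variable names (vpc_id, vpc_ipv4_cidr, ipv6_pool_id, ipv6_cidr, azs), the stack and output names, and the assumption that ipv6_cidr is a /56 are all mine, not the issue's.

```hcl
# Added example: not the issue author's code and not part of the AWS provider.
# Inputs are assumed; every name below is illustrative.
variable "vpc_id"        { type = string }       # existing VPC to attach the block to
variable "vpc_ipv4_cidr" { type = string }       # the VPC's IPv4 block, for the subnets' cidr_block
variable "ipv6_pool_id"  { type = string }       # BYOIP IPv6 pool, "ipv6pool-ec2-..."
variable "ipv6_cidr"     { type = string }       # block to associate from that pool, assumed to be a /56
variable "azs"           { type = list(string) } # one subnet per AZ

# CloudFormation performs the association that the provider cannot yet express.
resource "aws_cloudformation_stack" "ipv6_byoip" {
  name = "vpc-ipv6-byoip-association"

  parameters = {
    VpcId      = var.vpc_id
    IPv6Poolid = var.ipv6_pool_id
    IPv6Cidr   = var.ipv6_cidr
  }

  # jsonencode keeps the template valid JSON without heredoc quoting pitfalls.
  template_body = jsonencode({
    Parameters = {
      VpcId      = { Type = "String" }
      IPv6Poolid = { Type = "String" }
      IPv6Cidr   = { Type = "String" }
    }
    Resources = {
      Ipv6Block = {
        Type = "AWS::EC2::VPCCidrBlock"
        Properties = {
          VpcId         = { Ref = "VpcId" }
          Ipv6Pool      = { Ref = "IPv6Poolid" }
          Ipv6CidrBlock = { Ref = "IPv6Cidr" }
        }
      }
    }
    # Ref on an AWS::EC2::VPCCidrBlock returns the association ID.
    Outputs = {
      AssociationId = { Value = { Ref = "Ipv6Block" } }
    }
  })
}

# Dual-stack subnets: one /64 per AZ carved from the associated /56.
resource "aws_subnet" "dual_stack" {
  count = length(var.azs)

  vpc_id            = var.vpc_id
  availability_zone = var.azs[count.index]
  cidr_block        = cidrsubnet(var.vpc_ipv4_cidr, 4, count.index)
  ipv6_cidr_block   = cidrsubnet(var.ipv6_cidr, 8, count.index) # /56 + 8 bits = /64

  assign_ipv6_address_on_creation = true

  # The provider cannot see the stack's side effect on the VPC, so the ordering
  # has to be explicit; depends_on also orders destruction (subnets go first).
  depends_on = [aws_cloudformation_stack.ipv6_byoip]
}

output "ipv6_association_id" {
  value = aws_cloudformation_stack.ipv6_byoip.outputs["AssociationId"]
}
```

Before relying on the subnets, confirm the association actually reached the associated state, since the stack can complete while the VPC still reports the block as associating: `aws ec2 describe-vpcs --vpc-ids <vpc-id> --query 'Vpcs[0].Ipv6CidrBlockAssociationSet'` should list the block with Ipv6CidrBlockState.State equal to "associated". Destroying the stack disassociates the block, so the explicit dependency matters on `terraform destroy` as much as on apply.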
I didn't see it on the list, but I would like the ability to start advertising the BYOIP CIDR. You can currently bring it into IPAM, but you cannot advertise it in Terraform.
Description
There are a variety of components that need to be added and updated to allow for the creation of VPCs when using BYOIP, especially since support for IPv6 BYOIP was added. This feature request only defines the changes needed to utilise the BYOIP blocks, not the loading and activation of the BYOIP blocks (as such we exclude the provision-byoip-cidr, advertise-byoip-cidr, and withdraw-byoip-cidr CLI command functionality).
User Stories
This last user story allows us to deal with certain network applications that do not function well behind NAT connections: by creating a VPC with the same network range as your public range, you can trick the application into thinking it is not behind NAT. Let's say you have 1.2.3.0/24 as your BYOIP block; you create a VPC that also has 1.2.3.0/24 as its subnet, and then you can spin up instances inside that VPC that have IPs in this range on the EC2 instance. By then allocating an EIP with the exact same IP to these instances, both the world and the application believe they are on this IP, and the network traffic gets routed correctly. (It looks crazy, but it works.)
New or Affected Resource(s)
Potential Terraform Configuration
References
BYOIP
aws_vpc change:
aws_vpc_ipv6_pools addition:
aws_vpc_public_ipv4_pools addition:
aws_vpc_ipv6_cidr_block_association addition:
aws_eip change:
8004
6521
6251
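As an added example (not the issue author's code and not part of the AWS provider), the following configuration builds the VPC from the last user story above, using the issue's 1.2.3.0/24 range: the VPC's address space is the public range, the instance's VPC-internal address is 1.2.3.10, and the EIP mapped onto it is the same 1.2.3.10 allocated from the BYOIP pool. Assumptions of mine: the range is already provisioned and advertised as BYOIP, var.byoip_pool_id is its public IPv4 pool ID, var.ami_id is any AMI, and the provider is a 5.x release, where aws_eip takes domain = "vpc" and supports public_ipv4_pool and address.

```hcl
# Added example: not the issue author's code and not part of the AWS provider.
# Assumed: var.byoip_pool_id is the public IPv4 pool ID ("ipv4pool-ec2-...") of a
# provisioned BYOIP range, var.ami_id is an AMI, and the provider is a 5.x release.
variable "byoip_pool_id" { type = string }
variable "ami_id"        { type = string }

locals {
  byoip_cidr = "1.2.3.0/24" # the issue's example BYOIP range
  host_ip    = "1.2.3.10"   # used both as the private IP and as the EIP address
}

# The VPC's address space *is* the public range, so nothing is translated.
resource "aws_vpc" "byoip" {
  cidr_block           = local.byoip_cidr
  enable_dns_hostnames = true
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.byoip.id
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.byoip.id
  cidr_block = cidrsubnet(local.byoip_cidr, 1, 0) # 1.2.3.0/25
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.byoip.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# The instance sees 1.2.3.10 on its own interface ...
resource "aws_instance" "app" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  subnet_id     = aws_subnet.public.id
  private_ip    = local.host_ip
}

# ... and the world reaches it on 1.2.3.10 as well: the EIP is allocated from the
# BYOIP pool with that exact address rather than picked by AWS.
resource "aws_eip" "app" {
  domain           = "vpc"
  public_ipv4_pool = var.byoip_pool_id
  address          = local.host_ip
}

resource "aws_eip_association" "app" {
  instance_id   = aws_instance.app.id
  allocation_id = aws_eip.app.id

  # The trick only holds if both addresses are identical; fail the plan otherwise.
  lifecycle {
    precondition {
      condition     = aws_eip.app.public_ip == aws_instance.app.private_ip
      error_message = "The BYOIP EIP must be the same address as the instance's private IP."
    }
  }
}

output "public_and_private_ip" {
  value = aws_eip.app.public_ip
}
```

Two caveats a practitioner should keep in mind. First, as the thread notes, Terraform cannot advertise the range itself, so the EIP is unreachable from the Internet until the CIDR has been advertised outside Terraform (the advertise-byoip-cidr step the issue explicitly excludes). Second, the instance's "private" address is now a globally routable one, so once the EIP is attached the security group and network ACLs are the only thing between the instance and the Internet; keep the default security group's inbound rules restrictive rather than relying on NAT that no longer exists here.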