hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Implement EC2 IPv4 Pool Creation #33194

Open tzahibwix opened 1 year ago

tzahibwix commented 1 year ago

### Description

As of today, it is not possible to create an IPv4 pool; this option is available only through the AWS CLI and AWS API.

In order to use BYOIP with IPAM, we can create the public IPAM pool with Terraform, but the last steps, creating the IPv4 pool in the member account and provisioning addresses to that IPv4 pool, are available only through the AWS CLI/API (steps 8 and 9 in the following AWS doc: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoip-ipam-ipv4.html).

### Affected Resource(s) and/or Data Source(s)

aws_vpc_ipam_pool

### Potential Terraform Configuration

```hcl
# Existing resources: the public IPAM pool and the BYOIP CIDR provisioned into it.
resource "aws_vpc_ipam_pool" "public_pool" {
  aws_service                   = "ec2"
  address_family                = "ipv4"
  public_ip_source              = "byoip"
  ipam_scope_id                 = var.ipam_public_scope_id
  allocation_max_netmask_length = 24
  allocation_min_netmask_length = 32
  locale                        = "us-east-1"
  tags = {
    Name = "public-ipam-pool"
  }
}

resource "aws_vpc_ipam_pool_cidr" "public_cidr" {
  ipam_pool_id = aws_vpc_ipam_pool.public_pool.id
  cidr         = "x.x.x.x/24"
  cidr_authorization_context {
    message   = var.public_cidr_provision_message
    signature = var.public_cidr_provision_signature
  }
}
```

```hcl
# Suggested resources implementation (these resources do not exist yet):
# an EC2 public IPv4 pool, and a provisioning of a CIDR into it from the IPAM pool.
resource "aws_ec2_ipv4_pool" "public_ipv4_pool" {}

resource "aws_ec2_ipv4_pool_cidr_provision" "public_cidrs" {
  ipv4_pool_id     = aws_ec2_ipv4_pool.public_ipv4_pool.id
  ipam_source_pool = aws_vpc_ipam_pool.public_pool.id
  cidr             = "x.x.x.x/24"
}
```


### References

_No response_

### Would you like to implement a fix?

No

drewmullen commented 9 months ago

For some added context, there is confusion in EC2 regarding the term "pool": there is both an "IPAM public pool" and an "EC2 public pool". Currently you can create an IPv4 IPAM public pool; you cannot:

There is some overlap with this issue also: https://github.com/hashicorp/terraform-provider-aws/issues/17425

Unfortunately, I will not be able to implement this feature request because I do not have access to a public IPv4 for testing.

tzahibwix commented 9 months ago

Hi @drewmullen, I will be able to help you and provide a public prefix to test and implement the new resources.

tzahibwix commented 9 months ago

@drewmullen Just FYI: provisioning IPs to the EC2 public IPv4 pool allows you to provision anything from /32 to /24, but the de-provision process is /32 only, which means that if you provisioned a /24 to a public EC2 IPv4 pool, you will have to make 255 API calls to de-provision the subnet, one for each /32 address in the /24 prefix.
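As an added example (not code from the issue, the provider or AWS), the following POSIX shell wrapper covers the AWS CLI calls the thread says Terraform cannot yet express: the EC2 public pool creation and IPAM-sourced provisioning of steps 8 and 9, and the /32-by-/32 de-provisioning described in the comment above. The region and pool IDs are placeholders, and the IPv4 range in the comments is a constructed documentation address; setting AWS_CLI=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the issue or the provider: wraps the AWS CLI calls that
# Terraform cannot yet express. Set AWS_CLI=echo to print commands instead of running them.
AWS_CLI="${AWS_CLI:-aws}"

# Expand an IPv4 /24 into its 256 host addresses, one per line (pure shell, offline).
# Refuses anything that is not written as x.y.z.0/24.
expand_slash24() {
  case "$1" in *.0/24) ;; *) echo "expected x.y.z.0/24, got $1" >&2; return 1 ;; esac
  prefix="${1%.*}"   # constructed sample "203.0.113.0/24" -> "203.0.113"
  i=0
  while [ "$i" -le 255 ]; do
    echo "$prefix.$i"
    i=$((i + 1))
  done
}

# Step 8 of the AWS BYOIP-with-IPAM tutorial: create the EC2 public IPv4 pool in the
# member account and print its PoolId.
create_public_pool() {   # region
  "$AWS_CLI" ec2 create-public-ipv4-pool --region "$1" --query 'PoolId' --output text
}

# Step 9: provision a block from the IPAM public pool into the EC2 public pool.
# As noted in the thread, only /24 through /32 is accepted; reject anything else up front.
provision_from_ipam() {  # region ipam_pool_id ec2_pool_id netmask_length
  [ "$4" -ge 24 ] && [ "$4" -le 32 ] || { echo "netmask length must be 24..32" >&2; return 1; }
  "$AWS_CLI" ec2 provision-public-ipv4-pool-cidr --region "$1" \
    --ipam-pool-id "$2" --pool-id "$3" --netmask-length "$4"
}

# De-provisioning only accepts /32s, so releasing a /24 means one call per address.
deprovision_slash24() {  # region ec2_pool_id x.y.z.0/24
  expand_slash24 "$3" | while read -r addr; do
    "$AWS_CLI" ec2 deprovision-public-ipv4-pool-cidr --region "$1" \
      --pool-id "$2" --cidr "$addr/32"
  done
}
```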

cep21 commented 9 months ago

Usually I can work around missing Terraform features by writing CloudFormation inside Terraform, but I cannot find CloudFormation specs for these resources either.

Do others have a good way to implement these as IaC, or can point me to the right CloudFormation I could import into my Terraform?