terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

Unable to migrate from IPv4 to IPv6 (VPC with subnets) #1049

Closed ricwo closed 7 months ago

ricwo commented 8 months ago

Description

I'm trying to upgrade a VPC including two public and two private subnets from IPv4 to IPv6. Setting enable_ipv6 does not work.

A similar issue was reported in the past, which was allegedly fixed in 5.13.0.

Versions

Reproduction Code [Required]

Before:

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = var.name
  cidr = "10.0.0.0/16"

  azs             = ["eu-central-1a", "eu-central-1b"]
  private_subnets = ["10.0.0.0/19", "10.0.32.0/19"]
  public_subnets  = ["10.0.64.0/19", "10.0.96.0/19"]

  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = false
}

After:

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = var.name
  cidr = "10.0.0.0/16"

  azs             = ["eu-central-1a", "eu-central-1b"]
  private_subnets = ["10.0.0.0/19", "10.0.32.0/19"]
  public_subnets  = ["10.0.64.0/19", "10.0.96.0/19"]

  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  public_subnet_assign_ipv6_address_on_creation  = true

  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = false
}

Expected behavior

An automatic upgrade to IPv6 of the VPC and all associated resources.

Actual behavior

The subnets update like this:

  # module.vpc.module.vpc.aws_subnet.private[0] will be updated in-place
  ~ resource "aws_subnet" "private" {
      ~ assign_ipv6_address_on_creation                = false -> true
      ~ enable_dns64                                   = false -> true
      ~ enable_resource_name_dns_aaaa_record_on_launch = false -> true
        id                                             = "subnet-123"
        # (13 unchanged attributes hidden)
    }

and the VPC with

  # module.vpc.module.vpc.aws_vpc.this[0] will be updated in-place
  ~ resource "aws_vpc" "this" {
      ~ assign_generated_ipv6_cidr_block     = false -> true
        id                                   = "vpc-123"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
        # (14 unchanged attributes hidden)
    }

However, this results in

Error: modifying EC2 Subnet (subnet-123) EnableDns64: InvalidParameterValue: Invalid value 'true' for enable-dns64. Cannot set enable-dns64 to true unless the subnet (subnet-123) has an IPv6 CIDR block associated with it.

for all four subnets.

github-actions[bot] commented 7 months ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days.

github-actions[bot] commented 7 months ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 6 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.