terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

ipv6 vpc not compatible with ipv4 subnet defaults #922

Closed jdix531 closed 1 year ago

jdix531 commented 1 year ago

Description

There has been a recent change in behavior that I think is best identified as a bug. I believe the issue only surfaces during module upgrading so possibly not if upgrading is not always expected to go cleanly. I didn't see any mention in breaking changes for this specific case so perhaps it should just be mentioned on the release page as a breaking condition / corner case.

We had ipv6 enabled on the VPC level but not on the subnet level - we tried upgrading the vpc module (ok, left it with no version defined). I discovered that having ipv6 enabled on the vpc but without subnets having ipv6 initialized (probably a result of being created by an older version; the current version seems to do this correctly) caused the subnet resources to think ipv6 dns should be enabled, which threw an error when applying because they were enabling ipv6 dns without ipv6 cidr blocks.

This likely only happens on "upgrading" instead of net-new as I see variables that seem to handle initializing subnets with ipv6 cidr when ipv6 is enabled for the vpc.

Versions

Terraform v1.4.3-dev
on darwin_arm64

Your version of Terraform is out of date! The latest version
is 1.4.4. You can update by downloading from https://www.terraform.io/downloads.html

Reproduction Code [Required]

Steps to reproduce the behavior:

Create older version with ipv6 enabled on the vpc but not strictly defined for the subnets then upgrade the module later.

Expected behavior

I hope updating the module should be possible in as many scenarios as possible.

Actual behavior

image

Terminal Output Screenshot(s)

n/a

Additional context

n/a
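
A pre-upgrade check for the condition described in this issue, as an added example that is not part of the original post or the module's own code: it scans the JSON form of a saved plan (`terraform show -json`) for `aws_subnet` resources whose planned state turns on IPv6 DNS settings while no IPv6 CIDR block is set. It assumes the "ipv6 dns" settings are the AWS provider attributes `enable_dns64` and `enable_resource_name_dns_aaaa_record_on_launch`; the sample plan and its addresses are constructed.

```python
import json
import sys

# Assumption: these aws_subnet attributes are the "ipv6 dns" settings the issue refers to.
IPV6_DNS_ATTRS = ("enable_dns64", "enable_resource_name_dns_aaaa_record_on_launch")


def find_ipv6_dns_conflicts(plan):
    """Return (address, [attrs]) for subnets planned with IPv6 DNS on but no IPv6 CIDR."""
    conflicts = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "aws_subnet" or change.get("actions") == ["delete"]:
            continue  # not a subnet, or the subnet is only being destroyed
        after = change.get("after") or {}
        # A CIDR that is only known after apply is flagged in after_unknown, not in after.
        unknown = change.get("after_unknown") or {}
        has_ipv6 = bool(after.get("ipv6_cidr_block")) or unknown.get("ipv6_cidr_block") is True
        enabled = [a for a in IPV6_DNS_ATTRS if after.get(a) is True]
        if enabled and not has_ipv6:
            conflicts.append((rc["address"], enabled))
    return conflicts


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.vpc.aws_subnet.private[0]", "type": "aws_subnet",
     "change": {"actions": ["update"], "after_unknown": {},
                "after": {"ipv6_cidr_block": None, "enable_dns64": True,
                          "enable_resource_name_dns_aaaa_record_on_launch": True}}},
    {"address": "module.vpc.aws_subnet.public[0]", "type": "aws_subnet",
     "change": {"actions": ["update"], "after_unknown": {},
                "after": {"ipv6_cidr_block": "2001:db8:0:1::/64", "enable_dns64": True,
                          "enable_resource_name_dns_aaaa_record_on_launch": False}}},
    {"address": "module.vpc.aws_vpc.this[0]", "type": "aws_vpc",
     "change": {"actions": ["no-op"], "after_unknown": {},
                "after": {"assign_generated_ipv6_cidr_block": True}}},
]}


if __name__ == "__main__":
    # Usage: python check_plan.py plan.json   (falls back to the constructed sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = find_ipv6_dns_conflicts(plan)
    for address, attrs in found:
        print(f"{address}: {', '.join(attrs)} set without ipv6_cidr_block")
    sys.exit(1 if found else 0)
```

Run against a plan produced after bumping the module version, a non-zero exit flags the subnets that would hit the apply error before anything is changed.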

bryantbiggs commented 1 year ago

thank you for the issue - we'll need a reproduction to help troubleshoot/triage

Tomperez98 commented 1 year ago

This should work

module "my_private_vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "private-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["${local.az}a", "${local.az}b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_ipv6 = true

  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false

}

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 1 year ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.