From 743798daa14b8a5b827b37053ca7e3c5b8865c06 Mon Sep 17 00:00:00 2001
From: Mike Splain
Date: Mon, 15 May 2023 10:18:30 -0400
Subject: [PATCH] fix: Add dns64 routes (#924)
---
 README.md | 2 ++
 examples/ipv6-dualstack/main.tf | 2 +-
 main.tf | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 0232463c6..ec0a907a3 100644
--- a/README.md
+++ b/README.md
@@ -310,9 +310,11 @@ No modules.
 | [aws_network_acl_rule.redshift_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |
 | [aws_network_acl_rule.redshift_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |
 | [aws_redshift_subnet_group.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_subnet_group) | resource |
+| [aws_route.database_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.database_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.database_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.database_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.private_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.private_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
diff --git a/examples/ipv6-dualstack/main.tf b/examples/ipv6-dualstack/main.tf
index b6a1cb4c4..d71f8fe35 100644
--- a/examples/ipv6-dualstack/main.tf
+++ b/examples/ipv6-dualstack/main.tf
@@ -33,7 +33,7 @@ module "vpc" {
 public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
 database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
- enable_nat_gateway = false
+ enable_nat_gateway = true
 create_database_subnet_route_table = true
 create_database_internet_gateway_route = true
diff --git a/main.tf b/main.tf
index 0bd869778..d72fe5d91 100644
--- a/main.tf
+++ b/main.tf
@@ -436,6 +436,18 @@ resource "aws_route" "database_nat_gateway" {
 }
 }
+resource "aws_route" "database_dns64_nat_gateway" {
+ count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? var.single_nat_gateway ? 1 : local.len_database_subnets : 0
+
+ route_table_id = element(aws_route_table.database[*].id, count.index)
+ destination_ipv6_cidr_block = "64:ff9b::/96"
+ nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
+
+ timeouts {
+ create = "5m"
+ }
+}
+
 resource "aws_route" "database_ipv6_egress" {
 count = local.create_database_route_table && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_internet_gateway_route ? 1 : 0
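Review bot: The `count` of `database_dns64_nat_gateway` in main.tf tests `var.private_subnet_enable_dns64`, so the database route tables get a `64:ff9b::/96` route to the NAT gateway whenever DNS64 is enabled for the private tier, regardless of how the database subnets themselves are configured. Where database subnets are meant to have narrower egress than private ones, this silently widens their routing, and the reverse case (DNS64 on database subnets only) gets no route at all. If the module exposes a database-tier DNS64 variable (none is visible in this patch), the condition should test that variable instead of the private one. If the coupling is intended, a comment above the resource such as `# database subnets follow the private-subnet DNS64 setting` would make it explicit.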
@@ -1081,6 +1093,18 @@ resource "aws_route" "private_nat_gateway" {
 }
 }
+resource "aws_route" "private_dns64_nat_gateway" {
+ count = local.create_vpc && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? local.nat_gateway_count : 0
+
+ route_table_id = element(aws_route_table.private[*].id, count.index)
+ destination_ipv6_cidr_block = "64:ff9b::/96"
+ nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
+
+ timeouts {
+ create = "5m"
+ }
+}
+
 ################################################################################
 # Customer Gateways
 ################################################################################
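Review bot: The literal `"64:ff9b::/96"` in `private_dns64_nat_gateway` carries no explanation, and the same literal is repeated in `database_dns64_nat_gateway` earlier in this patch. A comment above the resource such as `# NAT64 well-known prefix (RFC 6052): DNS64-synthesised addresses for IPv4-only destinations are routed via the NAT gateway` would tell a reader why the route exists and that it gives IPv6-only hosts in these subnets an IPv4 egress path. Defining the prefix once as a local and referencing it from both resources would keep the two routes from drifting apart.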