add ip_address_type to allow for ipv4, ipv6, dualstack

terraform-modules · Jul 19, 2024 · f3c1836 · f3c1836
1 parent 551a5a2
commit f3c1836
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/vpc-interface-endpoint/README.md b/vpc-interface-endpoint/README.md
@@ -235,6 +235,7 @@ These are not included in the module because they don't exist until the resource
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | <a name="input_create_central_vpc_endpoint"></a> [create\_central\_vpc\_endpoint](#input\_create\_central\_vpc\_endpoint) | Flag to enable this endpoint to be handled as central, creating route53 zones and entries for the private zone, and creating an SSM parameter with the needed details for VPC association. | `bool` | `false` | no |
+| <a name="input_ip_address_type"></a> [ip\_address\_type](#input\_ip\_address\_type) | IP Address Type (ipv4, ipv6, dualstack) for interface and DNS | `string` | `"ipv4"` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_policy"></a> [policy](#input\_policy) | IAM policy to apply to the VPC endpoint | `string` | `null` | no |
 | <a name="input_private_dns_enabled"></a> [private\_dns\_enabled](#input\_private\_dns\_enabled) | Flag to enble \| disable private DNS (default: true) | `bool` | `true` | no |

diff --git a/vpc-interface-endpoint/main.tf b/vpc-interface-endpoint/main.tf
@@ -93,6 +93,9 @@ resource "aws_vpc_endpoint" "interface_endpoint" {
   private_dns_enabled = var.private_dns_enabled
   auto_accept         = true
 
+  ip_address_type    = var.ip_address_type
+  dns_record_ip_type = var.ip_address_type
+
   tags = merge(
     local.base_tags,
     var.tags,

diff --git a/vpc-interface-endpoint/variables.tf b/vpc-interface-endpoint/variables.tf
@@ -31,3 +31,25 @@ variable "create_central_vpc_endpoint" {
   type        = bool
   default     = false
 }
+
+# currently no use for dns_options.dns_record_ip_type to be service-defined
+
+variable "ip_address_type" {
+  description = "IP Address Type (ipv4, ipv6, dualstack) for interface and DNS"
+  type        = string
+  default     = "ipv4"
+
+  validation {
+    condition     = contains(["ipv4", "ipv6", "dualstack"], var.ip_address_type)
+    error_message = "var.ip_address_type invalid, must be one of: ipv4 | ipv6 | dualstack."
+  }
+}
+
+# dns_options
+# dns_record_ip_type - (Optional) The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
+#
+# subnet_configuration (only to provide custom IPs for each type)
+# ipv4 - (Optional) The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
+# ipv6 - (Optional) The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
+# subnet - (Optional) The ID of the subnet. Must have a corresponding subnet in the subnet_ids argument.
+