From f3c183634dda93311d8752a33d700cb366a4cb72 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 19 Jul 2024 15:36:58 -0400
Subject: [PATCH] add ip_address_type to allow for ipv4, ipv6, dualstack
---
 vpc-interface-endpoint/README.md | 1 +
 vpc-interface-endpoint/main.tf | 3 +++
 vpc-interface-endpoint/variables.tf | 22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+)
diff --git a/vpc-interface-endpoint/README.md b/vpc-interface-endpoint/README.md
index e4e2966..7fd6739 100644
--- a/vpc-interface-endpoint/README.md
+++ b/vpc-interface-endpoint/README.md
@@ -235,6 +235,7 @@ These are not included in the module because they don't exist until the resource
 | [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | [create\_central\_vpc\_endpoint](#input\_create\_central\_vpc\_endpoint) | Flag to enable this endpoint to be handled as central, creating route53 zones and entries for the private zone, and creating an SSM parameter with the needed details for VPC association. | `bool` | `false` | no |
+| [ip\_address\_type](#input\_ip\_address\_type) | IP Address Type (ipv4, ipv6, dualstack) for interface and DNS | `string` | `"ipv4"` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | [policy](#input\_policy) | IAM policy to apply to the VPC endpoint | `string` | `null` | no |
 | [private\_dns\_enabled](#input\_private\_dns\_enabled) | Flag to enble \| disable private DNS (default: true) | `bool` | `true` | no |
diff --git a/vpc-interface-endpoint/main.tf b/vpc-interface-endpoint/main.tf
index 80838b2..521707f 100644
--- a/vpc-interface-endpoint/main.tf
+++ b/vpc-interface-endpoint/main.tf
@@ -93,6 +93,9 @@ resource "aws_vpc_endpoint" "interface_endpoint" {
 private_dns_enabled = var.private_dns_enabled
 auto_accept = true
+ ip_address_type = var.ip_address_type
+ dns_record_ip_type = var.ip_address_type
+
 tags = merge(
 local.base_tags,
 var.tags,
diff --git a/vpc-interface-endpoint/variables.tf b/vpc-interface-endpoint/variables.tf
index a48d204..6c17f19 100644
--- a/vpc-interface-endpoint/variables.tf
+++ b/vpc-interface-endpoint/variables.tf
@@ -31,3 +31,25 @@ variable "create_central_vpc_endpoint" {
 type = bool
 default = false
 }
+
+# currently no use for dns_options.dns_record_ip_type to be service-defined
+
+variable "ip_address_type" {
+ description = "IP Address Type (ipv4, ipv6, dualstack) for interface and DNS"
+ type = string
+ default = "ipv4"
+
+ validation {
+ condition = contains(["ipv4", "ipv6", "dualstack"], var.ip_address_type)
+ error_message = "var.ip_address_type invalid, must be one of: ipv4 | ipv6 | dualstack."
+ }
+}
+
+# dns_options
+# dns_record_ip_type - (Optional) The DNS records created for the endpoint. Valid values are ipv4, dualstack, service-defined, and ipv6.
+#
+# subnet_configuration (only to provide custom IPs for each type)
+# ipv4 - (Optional) The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4.
+# ipv6 - (Optional) The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6.
+# subnet - (Optional) The ID of the subnet. Must have a corresponding subnet in the subnet_ids argument.
+
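Review bot: `dns_record_ip_type` is set as a top-level argument of `aws_vpc_endpoint` on the second added line of the main.tf hunk, but the AWS provider exposes it only inside the `dns_options` block (the comment this same commit adds to variables.tf lists it under `dns_options`), so `terraform validate` should reject it as an unsupported argument. Nest it instead: `dns_options { dns_record_ip_type = var.ip_address_type }`. The resource body starts and continues outside the hunk, so check whether it already has a `dns_options` block this should be merged into. The security groups attached to the endpoint are also outside the hunk; with `ipv6` or `dualstack` the endpoint interfaces gain IPv6 addresses, so the ingress rules presumably need IPv6 sources scoped to the VPC's own range rather than a broad one.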
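Review bot: The validation on `ip_address_type` in the variables.tf hunk only checks the string, so `ipv6` and `dualstack` pass validation and can still fail at apply time when the selected subnets or the service do not support that address family; the description should state the precondition. Something like `description = "IP address type (ipv4, ipv6, dualstack) for the endpoint interfaces and DNS records; ipv6 needs IPv6-only subnets, dualstack needs subnets with both IPv4 and IPv6 ranges"`. The trailing comment block is copied provider reference text for `dns_options` and `subnet_configuration`, neither of which this hunk exposes as an input; a single `# TODO` line naming what is intentionally unsupported would age better than pasted documentation.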