terraform-aws-vpc
Unable to migrate from IPv4 to IPv6 (VPC with subnets)
Description
I'm trying to upgrade a VPC including two public and two private subnets from IPv4 to IPv6. Setting enable_ipv6 does not work.
A similar issue was reported in the past, which was allegedly fixed in 5.13.0.
- [x] I have searched the open/closed issues and my issue is not listed.
Versions
- Module version [Required]: 5.5.2
- Terraform version: 1.5.7
Reproduction Code [Required]
Before:
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = var.name
  cidr = "10.0.0.0/16"

  azs             = ["eu-central-1a", "eu-central-1b"]
  private_subnets = ["10.0.0.0/19", "10.0.32.0/19"]
  public_subnets  = ["10.0.64.0/19", "10.0.96.0/19"]

  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = false
}
```
After:
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = var.name
  cidr = "10.0.0.0/16"

  azs             = ["eu-central-1a", "eu-central-1b"]
  private_subnets = ["10.0.0.0/19", "10.0.32.0/19"]
  public_subnets  = ["10.0.64.0/19", "10.0.96.0/19"]

  enable_ipv6                                   = true
  private_subnet_assign_ipv6_address_on_creation = true
  public_subnet_assign_ipv6_address_on_creation  = true

  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = false
}
```
Expected behavior
An automatic upgrade to IPv6 of the VPC and all associated resources.
Actual behavior
The subnets update like this:
```
  # module.vpc.module.vpc.aws_subnet.private[0] will be updated in-place
  ~ resource "aws_subnet" "private" {
      ~ assign_ipv6_address_on_creation                = false -> true
      ~ enable_dns64                                   = false -> true
      ~ enable_resource_name_dns_aaaa_record_on_launch = false -> true
        id                                             = "subnet-123"
        # (13 unchanged attributes hidden)
    }
```
and the VPC with
```
  # module.vpc.module.vpc.aws_vpc.this[0] will be updated in-place
  ~ resource "aws_vpc" "this" {
      ~ assign_generated_ipv6_cidr_block = false -> true
        id                               = "vpc-123"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
        # (14 unchanged attributes hidden)
    }
```
However, this results in
```
Error: modifying EC2 Subnet (subnet-123) EnableDns64: InvalidParameterValue: Invalid value 'true' for enable-dns64. Cannot set enable-dns64 to true unless the subnet (subnet-123) has an IPv6 CIDR block associated with it.
```
for all four subnets.
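
A pre-apply check for the condition named in the error above, as an added example that is not part of the original issue or of the module: it reads a plan in the `terraform show -json` format and lists every `aws_subnet` whose planned state sets `enable_dns64 = true` while no IPv6 CIDR block is set or pending. The function name and the sample plan (addresses, IPv6 prefix) are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the addresses and the IPv6 prefix are made up for this example.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.vpc.aws_vpc.this[0]", "type": "aws_vpc",
   "change": {"after": {"assign_generated_ipv6_cidr_block": true},
              "after_unknown": {"ipv6_cidr_block": true}}},
  {"address": "module.vpc.aws_subnet.private[0]", "type": "aws_subnet",
   "change": {"after": {"enable_dns64": true, "ipv6_cidr_block": null},
              "after_unknown": {}}},
  {"address": "module.vpc.aws_subnet.private[1]", "type": "aws_subnet",
   "change": {"after": {"enable_dns64": true, "ipv6_cidr_block": ""},
              "after_unknown": {}}},
  {"address": "module.vpc.aws_subnet.public[0]", "type": "aws_subnet",
   "change": {"after": {"enable_dns64": true},
              "after_unknown": {"ipv6_cidr_block": true}}},
  {"address": "module.vpc.aws_subnet.public[1]", "type": "aws_subnet",
   "change": {"after": {"enable_dns64": true,
                        "ipv6_cidr_block": "2001:db8:0:1::/64"},
              "after_unknown": {}}}
]}
""")


def subnets_enabling_dns64_without_ipv6(plan: dict) -> list[str]:
    """Return addresses of aws_subnet changes that would hit the EnableDns64 error."""
    offenders = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_subnet":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}            # null when the subnet is deleted
        unknown = change.get("after_unknown") or {}  # true = "(known after apply)"
        if after.get("enable_dns64") is not True:
            continue
        # A CIDR counts if it is a non-empty value or will be computed at apply time.
        has_cidr = bool(after.get("ipv6_cidr_block")) or unknown.get("ipv6_cidr_block") is True
        if not has_cidr:
            offenders.append(rc["address"])
    return offenders


if __name__ == "__main__":
    for address in subnets_enabling_dns64_without_ipv6(SAMPLE_PLAN):
        print(f"{address}: enable_dns64 = true but no ipv6_cidr_block planned")
```
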