Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add IPv6 ingress security group rules #186

Merged
merged 1 commit into from
Nov 7, 2024
Merged

Add IPv6 ingress security group rules #186

merged 1 commit into from
Nov 7, 2024

Conversation

mschfh
Copy link
Contributor

@mschfh mschfh commented Oct 30, 2024

what

  • Added IPv6 support for ingress security groups
  • Added variable validation for http_ingress_cidr_blocks and https_ingress_cidr_blocks
  • Added variable validation for ip_address_type
  • Updated the http_ingress_cidr_blocks and https_ingress_cidr_blocks defaults values to include ::/0

why

The current implementation only configures IPv4 security group rules, causing IPv6 traffic to be dropped by default for dualstack ALBs

references

AWS Load Balancer dual-stack mode: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#ip-address-type
AWS Security Group IPv6 support: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-rule-syntax
TF aws_security_group_rule resource: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#ipv6_cidr_blocks

@mschfh mschfh requested review from a team as code owners October 30, 2024 23:17
@mergify mergify bot added the triage Needs triage label Oct 30, 2024
@GabisCampana
Copy link

@Nuru

@mergify Mergify
Copy link

mergify bot commented Nov 7, 2024

💥 This pull request now has conflicts. Could you fix it @mschfh? 🙏

@mergify mergify bot added the conflict This PR has conflicts label Nov 7, 2024
@mergify mergify bot removed the conflict This PR has conflicts label Nov 7, 2024
@mschfh
Copy link
Contributor Author

mschfh commented Nov 7, 2024

rebased (there is an unrelated docs change, see #187 (comment))

@mschfh mschfh mentioned this pull request Nov 7, 2024
Closed
@Nuru Nuru added minor New features that do not break anything feature New functionality and removed triage Needs triage labels Nov 7, 2024
@Nuru
Copy link
Contributor

Nuru commented Nov 7, 2024

/terratest

@Nuru Nuru merged commit 95e6dc2 into cloudposse:main Nov 7, 2024
27 of 57 checks passed
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 7, 2024

These changes were released in v1.12.0.

@mschfh mschfh deleted the fix-ipv6-ingress branch November 7, 2024 20:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nuru Nuru Nuru approved these changes

@hans-d hans-d Awaiting requested review from hans-d hans-d is a code owner automatically assigned from cloudposse/contributors

@gberenice gberenice Awaiting requested review from gberenice gberenice is a code owner automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
feature New functionality minor New features that do not break anything
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mschfh @GabisCampana @Nuru