Improved

Author: himanshu-uniyal

_example/example.tf

@@ -23,5 +23,6 @@ module "security_group" {
   protocol      = "tcp"
   description   = "Instance default security group (only egress access is allowed)."
   allowed_ip    = ["172.16.0.0/16", "10.0.0.0/16"]
+  allowed_ipv6  = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
   allowed_ports = [22, 27017]
 }

main.tf

@@ -8,7 +8,7 @@
 #              convention.
 
 module "labels" {
-  source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.12.0"
+  source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.13.0"
 
   name        = var.name
   application = var.application
@@ -22,6 +22,7 @@ locals {
   enable_cidr_rules              = var.enable_security_group && (length(var.allowed_ip) > 0)
   enable_source_sec_group_rules  = var.enable_security_group && (length(var.security_groups) > 0)
   ports_source_sec_group_product = setproduct(compact(var.allowed_ports), compact(var.security_groups))
+  enable_cidr_rules_ipv6         = var.enable_security_group && (length(var.allowed_ipv6) > 0)
 }
 
 #Module      : SECURITY GROUP
@@ -52,7 +53,17 @@ resource "aws_security_group_rule" "egress" {
   cidr_blocks       = ["0.0.0.0/0"]
   security_group_id = join("", aws_security_group.default.*.id)
 }
+resource "aws_security_group_rule" "egress_ipv6" {
+  count = var.enable_security_group == true && local.enable_cidr_rules_ipv6 == true ? length(compact(var.allowed_ports)) : 0
 
+  type              = "egress"
+  from_port         = 0
+  to_port           = 65535
+  protocol          = "-1"
+  ipv6_cidr_blocks  = ["::/0"]
+  security_group_id = join("", aws_security_group.default.*.id)
+  prefix_list_ids   = var.prefix_list
+}
 #Module      : SECURITY GROUP RULE FOR INGRESS
 #Description : Provides a security group rule resource. Represents a single ingress
 #              group rule, which can be added to external Security Groups.
@@ -66,6 +77,16 @@ resource "aws_security_group_rule" "ingress" {
   cidr_blocks       = var.allowed_ip
   security_group_id = join("", aws_security_group.default.*.id)
 }
+resource "aws_security_group_rule" "ingress_ipv6" {
+  count = var.enable_security_group == true && local.enable_cidr_rules_ipv6 == true ? length(compact(var.allowed_ports)) : 0
+
+  type              = "ingress"
+  from_port         = element(var.allowed_ports, count.index)
+  to_port           = element(var.allowed_ports, count.index)
+  protocol          = var.protocol
+  ipv6_cidr_blocks  = var.allowed_ipv6
+  security_group_id = join("", aws_security_group.default.*.id)
+}
 
 resource "aws_security_group_rule" "ingress_sg" {
   count = local.enable_source_sec_group_rules == true ? length(local.ports_source_sec_group_product) : 0

variables.tf

@@ -78,4 +78,14 @@ variable "protocol" {
   type        = string
   default     = "tcp"
   description = "The protocol. If not icmp, tcp, udp, or all use the."
+}
+variable "allowed_ipv6" {
+  type        = list
+  default     = []
+  description = "List of allowed ipv6."
+}
+variable "prefix_list" {
+  type        = list
+  default     = []
+  description = "List of prefix list IDs (for allowing access to VPC endpoints)Only valid with egress"
 }

versions.tf

@@ -3,7 +3,8 @@ terraform {
   required_version = ">= 0.12.0, < 0.14.0"
   required_providers {
     aws = {
-      source = "hashicorp/aws"
+      source  = "hashicorp/aws"
+      version = "3.10.0"
     }
   }
 }