Add IPv6 support (#317)

* IPv6 support Add variable "enable_ipv6" to allow enabling IPv6 support (resulting in passing "assign_generated_ipv6_cidr_block" to aws_vpc. Enabling IPv6 support further results in an Egress-only internet gateway being provisioned and routing tables of subnets being adjusted. Additional variables allow to choose the indices out of the /64 subnets based on the assigned /56 range. * Add example for IPv6 usage * Remove redundant parameter assign_generated_ipv6_cidr_block This is needed exactly when var.enable_ipv6 is true. * Set subnet ipv6_cidr_block to null if unused * Be picky about spelling * Revert unrelated change * More IPv6 spelling * Added IPv6 support to VPC module * Added IPv6 support to VPC module

Add IPv6 support (#317)
* IPv6 support Add variable "enable_ipv6" to allow enabling IPv6 support (resulting in passing "assign_generated_ipv6_cidr_block" to aws_vpc. Enabling IPv6 support further results in an Egress-only internet gateway being provisioned and routing tables of subnets being adjusted. Additional variables allow to choose the indices out of the /64 subnets based on the assigned /56 range. * Add example for IPv6 usage * Remove redundant parameter assign_generated_ipv6_cidr_block This is needed exactly when var.enable_ipv6 is true. * Set subnet ipv6_cidr_block to null if unused * Be picky about spelling * Revert unrelated change * More IPv6 spelling * Added IPv6 support to VPC module * Added IPv6 support to VPC module
be962ae7 · Anton Babenko · GitHub · 40821bbe · be962ae7 · be962ae7
Commit be962ae7 authored Sep 02, 2019 by Anton Babenko Committed by GitHub Sep 02, 2019
10 changed files
--- a/README.md
+++ b/README.md
--- a/examples/ipv6/README.md
+++ b/examples/ipv6/README.md
+# VPC with IPv6 enabled
+
+Configuration in this directory creates set of VPC resources with IPv6 enabled on VPC and subnets.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ipv6\_association\_id | The IPv6 CIDR block |
+| ipv6\_cidr\_block | The association ID for the IPv6 CIDR block |
+| vpc\_id | The ID of the VPC |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/examples/ipv6/main.tf
+++ b/examples/ipv6/main.tf
+provider "aws" {
+  region = "eu-west-1"
+}
+
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+  source = "../.."
+
+  name = "ipv6"
+
+  cidr = "10.0.0.0/16"
+
+  azs              = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]]
+  private_subnets  = ["10.0.1.0/24", "10.0.2.0/24"]
+  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24"]
+  database_subnets = ["10.0.103.0/24", "10.0.104.0/24"]
+
+  enable_nat_gateway = false
+
+  create_database_subnet_route_table     = true
+  create_database_internet_gateway_route = true
+
+  enable_ipv6                     = true
+  assign_ipv6_address_on_creation = true
+
+  private_subnet_assign_ipv6_address_on_creation = false
+
+  public_subnet_ipv6_prefixes   = [0, 1]
+  private_subnet_ipv6_prefixes  = [2, 3]
+  database_subnet_ipv6_prefixes = [4, 5]
+
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+}
--- a/examples/ipv6/outputs.tf
+++ b/examples/ipv6/outputs.tf
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+output "ipv6_association_id" {
+  description = "The IPv6 CIDR block"
+  value       = module.vpc.vpc_ipv6_cidr_block
+}
+
+output "ipv6_cidr_block" {
+  description = "The association ID for the IPv6 CIDR block"
+  value       = module.vpc.vpc_ipv6_association_id
+}
--- a/examples/network-acls/main.tf
+++ b/examples/network-acls/main.tf
@@ -26,7 +26,7 @@ module "vpc" {

  private_dedicated_network_acl = true

-  assign_generated_ipv6_cidr_block = true
+  enable_ipv6 = true

  enable_nat_gateway = false
  single_nat_gateway = true

--- a/examples/secondary-cidr-blocks/main.tf
+++ b/examples/secondary-cidr-blocks/main.tf
@@ -14,9 +14,10 @@ module "vpc" {
  private_subnets = ["10.0.1.0/24", "10.1.2.0/24", "10.2.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.1.102.0/24", "10.2.103.0/24"]

-  assign_generated_ipv6_cidr_block = true
-  enable_nat_gateway               = true
-  single_nat_gateway               = true
+  enable_ipv6 = true
+
+  enable_nat_gateway = true
+  single_nat_gateway = true

  public_subnet_tags = {
    Name = "overridden-name-public"

--- a/examples/simple-vpc/main.tf
+++ b/examples/simple-vpc/main.tf
@@ -18,7 +18,7 @@ module "vpc" {
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

-  assign_generated_ipv6_cidr_block = true
+  enable_ipv6 = true

  enable_nat_gateway = true
  single_nat_gateway = true

--- a/main.tf
+++ b/main.tf
@@ -28,7 +28,7 @@ resource "aws_vpc" "this" {
  instance_tenancy                 = var.instance_tenancy
  enable_dns_hostnames             = var.enable_dns_hostnames
  enable_dns_support               = var.enable_dns_support
-  assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block
+  assign_generated_ipv6_cidr_block = var.enable_ipv6

  tags = merge(
    {
@@ -95,6 +95,12 @@ resource "aws_internet_gateway" "this" {
  )
 }

+resource "aws_egress_only_internet_gateway" "this" {
+  count = var.create_vpc && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0
+
+  vpc_id = local.vpc_id
+}
+
 ################
 # Publiс routes
 ################
@@ -124,6 +130,14 @@ resource "aws_route" "public_internet_gateway" {
  }
 }

+resource "aws_route" "public_internet_gateway_ipv6" {
+  count = var.create_vpc && var.enable_ipv6 && length(var.public_subnets) > 0 ? 1 : 0
+
+  route_table_id              = aws_route_table.public[0].id
+  destination_ipv6_cidr_block = "::/0"
+  gateway_id                  = aws_internet_gateway.this[0].id
+}
+
 #################
 # Private routes
 # There are as many routing tables as the number of NAT gateways
@@ -193,6 +207,18 @@ resource "aws_route" "database_nat_gateway" {
  }
 }

+resource "aws_route" "database_ipv6_egress" {
+  count = var.create_vpc && var.enable_ipv6 && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0
+
+  route_table_id              = aws_route_table.database[0].id
+  destination_ipv6_cidr_block = "::/0"
+  egress_only_gateway_id      = aws_egress_only_internet_gateway.this[0].id
+
+  timeouts {
+    create = "5m"
+  }
+}
+
 #################
 # Redshift routes
 #################
@@ -250,10 +276,13 @@ resource "aws_route_table" "intra" {
 resource "aws_subnet" "public" {
  count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0

-  vpc_id                  = local.vpc_id
-  cidr_block              = element(concat(var.public_subnets, [""]), count.index)
-  availability_zone       = element(var.azs, count.index)
-  map_public_ip_on_launch = var.map_public_ip_on_launch
+  vpc_id                          = local.vpc_id
+  cidr_block                      = element(concat(var.public_subnets, [""]), count.index)
+  availability_zone               = element(var.azs, count.index)
+  map_public_ip_on_launch         = var.map_public_ip_on_launch
+  assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation
+
+  ipv6_cidr_block = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
@@ -274,9 +303,12 @@ resource "aws_subnet" "public" {
 resource "aws_subnet" "private" {
  count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0

-  vpc_id            = local.vpc_id
-  cidr_block        = var.private_subnets[count.index]
-  availability_zone = element(var.azs, count.index)
+  vpc_id                          = local.vpc_id
+  cidr_block                      = var.private_subnets[count.index]
+  availability_zone               = element(var.azs, count.index)
+  assign_ipv6_address_on_creation = var.private_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.private_subnet_assign_ipv6_address_on_creation
+
+  ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
@@ -297,9 +329,12 @@ resource "aws_subnet" "private" {
 resource "aws_subnet" "database" {
  count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0

-  vpc_id            = local.vpc_id
-  cidr_block        = var.database_subnets[count.index]
-  availability_zone = element(var.azs, count.index)
+  vpc_id                          = local.vpc_id
+  cidr_block                      = var.database_subnets[count.index]
+  availability_zone               = element(var.azs, count.index)
+  assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.database_subnet_assign_ipv6_address_on_creation
+
+  ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
@@ -336,9 +371,12 @@ resource "aws_db_subnet_group" "database" {
 resource "aws_subnet" "redshift" {
  count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0

-  vpc_id            = local.vpc_id
-  cidr_block        = var.redshift_subnets[count.index]
-  availability_zone = element(var.azs, count.index)
+  vpc_id                          = local.vpc_id
+  cidr_block                      = var.redshift_subnets[count.index]
+  availability_zone               = element(var.azs, count.index)
+  assign_ipv6_address_on_creation = var.redshift_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.redshift_subnet_assign_ipv6_address_on_creation
+
+  ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
@@ -375,9 +413,12 @@ resource "aws_redshift_subnet_group" "redshift" {
 resource "aws_subnet" "elasticache" {
  count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0

-  vpc_id            = local.vpc_id
-  cidr_block        = var.elasticache_subnets[count.index]
-  availability_zone = element(var.azs, count.index)
+  vpc_id                          = local.vpc_id
+  cidr_block                      = var.elasticache_subnets[count.index]
+  availability_zone               = element(var.azs, count.index)
+  assign_ipv6_address_on_creation = var.elasticache_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.elasticache_subnet_assign_ipv6_address_on_creation
+
+  ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
@@ -406,9 +447,12 @@ resource "aws_elasticache_subnet_group" "elasticache" {
 resource "aws_subnet" "intra" {
  count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0

-  vpc_id            = local.vpc_id
-  cidr_block        = var.intra_subnets[count.index]
-  availability_zone = element(var.azs, count.index)
+  vpc_id                          = local.vpc_id
+  cidr_block                      = var.intra_subnets[count.index]
+  availability_zone               = element(var.azs, count.index)
+  assign_ipv6_address_on_creation = var.intra_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.intra_subnet_assign_ipv6_address_on_creation
+
+  ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
@@ -824,6 +868,14 @@ resource "aws_route" "private_nat_gateway" {
  }
 }

+resource "aws_route" "private_ipv6_egress" {
+  count = var.enable_ipv6 ? length(var.private_subnets) : 0
+
+  route_table_id              = element(aws_route_table.private.*.id, count.index)
+  destination_ipv6_cidr_block = "::/0"
+  egress_only_gateway_id      = element(aws_egress_only_internet_gateway.this.*.id, 0)
+}
+
 ######################
 # VPC Endpoint for S3
 ######################

--- a/outputs.tf
+++ b/outputs.tf
@@ -45,7 +45,7 @@ output "vpc_enable_dns_hostnames" {

 //output "vpc_enable_classiclink" {
 //  description = "Whether or not the VPC has Classiclink enabled"
-//  value       = "${element(concat(aws_vpc.this.*.enable_classiclink, list("")), 0)}"
+//  value       = concat(aws_vpc.this.*.enable_classiclink, [""])[0]
 //}

 output "vpc_main_route_table_id" {
@@ -53,15 +53,15 @@ output "vpc_main_route_table_id" {
  value       = concat(aws_vpc.this.*.main_route_table_id, [""])[0]
 }

-//output "vpc_ipv6_association_id" {
-//  description = "The association ID for the IPv6 CIDR block"
-//  value       = "${element(concat(aws_vpc.this.*.ipv6_association_id, list("")), 0)}"
-//}
-//
-//output "vpc_ipv6_cidr_block" {
-//  description = "The IPv6 CIDR block"
-//  value       = "${element(concat(aws_vpc.this.*.ipv6_cidr_block, list("")), 0)}"
-//}
+output "vpc_ipv6_association_id" {
+  description = "The association ID for the IPv6 CIDR block"
+  value       = concat(aws_vpc.this.*.ipv6_association_id, [""])[0]
+}
+
+output "vpc_ipv6_cidr_block" {
+  description = "The IPv6 CIDR block"
+  value       = concat(aws_vpc.this.*.ipv6_cidr_block, [""])[0]
+}

 output "vpc_secondary_cidr_blocks" {
  description = "List of secondary CIDR blocks of the VPC"
@@ -83,6 +83,11 @@ output "private_subnets_cidr_blocks" {
  value       = aws_subnet.private.*.cidr_block
 }

+output "private_subnets_ipv6_cidr_blocks" {
+  description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC"
+  value       = aws_subnet.private.*.ipv6_cidr_block
+}
+
 output "public_subnets" {
  description = "List of IDs of public subnets"
  value       = aws_subnet.public.*.id
@@ -98,6 +103,11 @@ output "public_subnets_cidr_blocks" {
  value       = aws_subnet.public.*.cidr_block
 }

+output "public_subnets_ipv6_cidr_blocks" {
+  description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC"
+  value       = aws_subnet.public.*.ipv6_cidr_block
+}
+
 output "database_subnets" {
  description = "List of IDs of database subnets"
  value       = aws_subnet.database.*.id
@@ -113,6 +123,11 @@ output "database_subnets_cidr_blocks" {
  value       = aws_subnet.database.*.cidr_block
 }

+output "database_subnets_ipv6_cidr_blocks" {
+  description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC"
+  value       = aws_subnet.database.*.ipv6_cidr_block
+}
+
 output "database_subnet_group" {
  description = "ID of database subnet group"
  value       = concat(aws_db_subnet_group.database.*.id, [""])[0]
@@ -133,6 +148,11 @@ output "redshift_subnets_cidr_blocks" {
  value       = aws_subnet.redshift.*.cidr_block
 }

+output "redshift_subnets_ipv6_cidr_blocks" {
+  description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC"
+  value       = aws_subnet.redshift.*.ipv6_cidr_block
+}
+
 output "redshift_subnet_group" {
  description = "ID of redshift subnet group"
  value       = concat(aws_redshift_subnet_group.redshift.*.id, [""])[0]
@@ -153,6 +173,11 @@ output "elasticache_subnets_cidr_blocks" {
  value       = aws_subnet.elasticache.*.cidr_block
 }

+output "elasticache_subnets_ipv6_cidr_blocks" {
+  description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC"
+  value       = aws_subnet.elasticache.*.ipv6_cidr_block
+}
+
 output "intra_subnets" {
  description = "List of IDs of intra subnets"
  value       = aws_subnet.intra.*.id
@@ -168,6 +193,11 @@ output "intra_subnets_cidr_blocks" {
  value       = aws_subnet.intra.*.cidr_block
 }

+output "intra_subnets_ipv6_cidr_blocks" {
+  description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC"
+  value       = aws_subnet.intra.*.ipv6_cidr_block
+}
+
 output "elasticache_subnet_group" {
  description = "ID of elasticache subnet group"
  value       = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0]
@@ -228,6 +258,11 @@ output "igw_id" {
  value       = concat(aws_internet_gateway.this.*.id, [""])[0]
 }

+output "egress_only_internet_gateway_id" {
+  description = "The ID of the egress only Internet Gateway"
+  value       = concat(aws_egress_only_internet_gateway.this.*.id, [""])[0]
+}
+
 output "vgw_id" {
  description = "The ID of the VPN Gateway"
  value = concat(
@@ -279,7 +314,7 @@ output "default_vpc_enable_dns_hostnames" {

 //output "default_vpc_enable_classiclink" {
 //  description = "Whether or not the VPC has Classiclink enabled"
-//  value       = "${element(concat(aws_default_vpc.this.*.enable_classiclink, list("")), 0)}"
+//  value       = concat(aws_default_vpc.this.*.enable_classiclink, [""])[0]
 //}

 output "default_vpc_main_route_table_id" {
@@ -289,12 +324,12 @@ output "default_vpc_main_route_table_id" {

 //output "default_vpc_ipv6_association_id" {
 //  description = "The association ID for the IPv6 CIDR block"
-//  value       = "${element(concat(aws_default_vpc.this.*.ipv6_association_id, list("")), 0)}"
+//  value       = concat(aws_default_vpc.this.*.ipv6_association_id, [""])[0]
 //}
 //
 //output "default_vpc_ipv6_cidr_block" {
 //  description = "The IPv6 CIDR block"
-//  value       = "${element(concat(aws_default_vpc.this.*.ipv6_cidr_block, list("")), 0)}"
+//  value       = concat(aws_default_vpc.this.*.ipv6_cidr_block, [""])[0]
 //}

 output "public_network_acl_id" {
@@ -350,17 +385,17 @@ output "vpc_endpoint_dynamodb_pl_id" {

 output "vpc_endpoint_sqs_id" {
  description = "The ID of VPC endpoint for SQS"
-  value       = "${element(concat(aws_vpc_endpoint.sqs.*.id, list("")), 0)}"
+  value       = concat(aws_vpc_endpoint.sqs.*.id, [""])[0]
 }

 output "vpc_endpoint_sqs_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for SQS."
-  value       = "${flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)}"
+  value       = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)
 }

 output "vpc_endpoint_sqs_dns_entry" {
  description = "The DNS entries for the VPC Endpoint for SQS."
-  value       = "${flatten(aws_vpc_endpoint.sqs.*.dns_entry)}"
+  value       = flatten(aws_vpc_endpoint.sqs.*.dns_entry)
 }

 output "vpc_endpoint_ssm_id" {
@@ -485,47 +520,47 @@ output "vpc_endpoint_apigw_dns_entry" {

 output "vpc_endpoint_ecs_id" {
  description = "The ID of VPC endpoint for ECS"
-  value       = "${element(concat(aws_vpc_endpoint.ecs.*.id, list("")), 0)}"
+  value       = concat(aws_vpc_endpoint.ecs.*.id, [""])[0]
 }

 output "vpc_endpoint_ecs_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for ECS."
-  value       = "${flatten(aws_vpc_endpoint.ecs.*.network_interface_ids)}"
+  value       = flatten(aws_vpc_endpoint.ecs.*.network_interface_ids)
 }

 output "vpc_endpoint_ecs_dns_entry" {
  description = "The DNS entries for the VPC Endpoint for ECS."
-  value       = "${flatten(aws_vpc_endpoint.ecs.*.dns_entry)}"
+  value       = flatten(aws_vpc_endpoint.ecs.*.dns_entry)
 }

 output "vpc_endpoint_ecs_agent_id" {
  description = "The ID of VPC endpoint for ECS Agent"
-  value       = "${element(concat(aws_vpc_endpoint.ecs_agent.*.id, list("")), 0)}"
+  value       = concat(aws_vpc_endpoint.ecs_agent.*.id, [""])[0]
 }

 output "vpc_endpoint_ecs_agent_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for ECS Agent."
-  value       = "${flatten(aws_vpc_endpoint.ecs_agent.*.network_interface_ids)}"
+  value       = flatten(aws_vpc_endpoint.ecs_agent.*.network_interface_ids)
 }

 output "vpc_endpoint_ecs_agent_dns_entry" {
  description = "The DNS entries for the VPC Endpoint for ECS Agent."
-  value       = "${flatten(aws_vpc_endpoint.ecs_agent.*.dns_entry)}"
+  value       = flatten(aws_vpc_endpoint.ecs_agent.*.dns_entry)
 }

 output "vpc_endpoint_ecs_telemetry_id" {
  description = "The ID of VPC endpoint for ECS Telemetry"
-  value       = "${element(concat(aws_vpc_endpoint.ecs_telemetry.*.id, list("")), 0)}"
+  value       = concat(aws_vpc_endpoint.ecs_telemetry.*.id, [""])[0]
 }

 output "vpc_endpoint_ecs_telemetry_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for ECS Telemetry."
-  value       = "${flatten(aws_vpc_endpoint.ecs_telemetry.*.network_interface_ids)}"
+  value       = flatten(aws_vpc_endpoint.ecs_telemetry.*.network_interface_ids)
 }

 output "vpc_endpoint_ecs_telemetry_dns_entry" {
  description = "The DNS entries for the VPC Endpoint for ECS Telemetry."
-  value       = "${flatten(aws_vpc_endpoint.ecs_telemetry.*.dns_entry)}"
+  value       = flatten(aws_vpc_endpoint.ecs_telemetry.*.dns_entry)
 }

 output "vpc_endpoint_sns_id" {

--- a/variables.tf
+++ b/variables.tf
@@ -6,20 +6,100 @@ variable "create_vpc" {

 variable "name" {
  description = "Name to be used on all the resources as identifier"
+  type        = string
  default     = ""
 }

 variable "cidr" {
  description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
+  type        = string
  default     = "0.0.0.0/0"
 }

-variable "assign_generated_ipv6_cidr_block" {
-  description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
+variable "enable_ipv6" {
+  description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
+  type        = bool
+  default     = false
+}
+
+variable "private_subnet_ipv6_prefixes" {
+  description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+  type        = list
+  default     = []
+}
+
+variable "public_subnet_ipv6_prefixes" {
+  description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+  type        = list
+  default     = []
+}
+
+variable "database_subnet_ipv6_prefixes" {
+  description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+  type        = list
+  default     = []
+}
+
+variable "redshift_subnet_ipv6_prefixes" {
+  description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+  type        = list
+  default     = []
+}
+
+variable "elasticache_subnet_ipv6_prefixes" {
+  description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+  type        = list
+  default     = []
+}
+
+variable "intra_subnet_ipv6_prefixes" {
+  description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+  type        = list
+  default     = []
+}
+
+variable "assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  type        = bool
  default     = false
 }

+variable "private_subnet_assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+  type        = bool
+  default     = null
+}
+
+variable "public_subnet_assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+  type        = bool
+  default     = null
+}
+
+variable "database_subnet_assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+  type        = bool
+  default     = null
+}
+
+variable "redshift_subnet_assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+  type        = bool
+  default     = null
+}
+
+variable "elasticache_subnet_assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+  type        = bool
+  default     = null
+}
+
+variable "intra_subnet_assign_ipv6_address_on_creation" {
+  description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+  type        = bool
+  default     = null
+}
+
 variable "secondary_cidr_blocks" {
  description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
  type        = list(string)