Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPv6 Addresses can't be added to cidr_block #14

Open
Stretch96 opened this issue Dec 12, 2018 · 1 comment
Open

IPv6 Addresses can't be added to cidr_block #14

Stretch96 opened this issue Dec 12, 2018 · 1 comment

Comments

@Stretch96
Copy link
Contributor

The default for public_alb_whitelist is set to ["0.0.0.0/0", "::/0"]

This makes the module, with default settings error:

* aws_security_group.alb_sg: Error authorizing security group ingress rules: InvalidParameterValue: CIDR block ::/0 is malformed

hashicorp/terraform#14382

We need to use ipv6_cidr_blocks if we want to implement IPv6:

resource "aws_security_group" "test" {
  vpc_id = "${var.vpc}"
  name        = "Test"
  description = "Test"

  # Allow all outgoing:
  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }
  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    ipv6_cidr_blocks     = ["::/0"]
  }
}

A workaround is just to set public_alb_whitelist to ["0.0.0.0/0"] (Or your list of IPv4 addresses)

I'll open a PR to just remove the "::/0" from the default for now
Stretch96 added a commit to dxw/terraform-aws-ecs-service that referenced this issue Dec 12, 2018
@Stretch96
(Fix) Remove IPv6 address from public_alb_whitelist default
0cec7b0 
* This is passed to `cidr_block` which doesn't support IPv6 addresses
* npalm#14
@Stretch96 Stretch96 mentioned this issue Dec 12, 2018
Merged
Stretch96 added a commit to dxw/terraform-aws-ecs-service that referenced this issue Dec 12, 2018
@Stretch96
(Fix) Remove IPv6 address from public_alb_whitelist default
1e56355 
* This is passed to `cidr_block` which doesn't support IPv6 addresses
* npalm#14
Stretch96 added a commit to dxw/terraform-aws-ecs-service that referenced this issue Dec 15, 2018
@Stretch96
(Fix) Remove IPv6 address from public_alb_whitelist default
50f8a90 
* This is passed to `cidr_block` which doesn't support IPv6 addresses
* npalm#14
@easyrun32
Copy link 

ipv6_cidr_blocks = ["::/0"]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Stretch96 @easyrun32