Add optional ipv6 support for the single-port-sg module as well

fpco · Mar 21, 2020 · e5113f0 · e5113f0
1 parent 083e5d4
commit e5113f0
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/modules/single-port-sg/main.tf b/modules/single-port-sg/main.tf
@@ -17,6 +17,12 @@ variable "cidr_blocks" {
   type        = list(string)
 }
 
+variable "ipv6_cidr_blocks" {
+  description = "List of IPv6 CIDR block ranges that the SG allows ingress from"
+  type        = list(string)
+  default     = []
+}
+
 variable "description" {
   description = "Use this string to add a description for the SG rule"
   type        = string
@@ -53,6 +59,7 @@ resource "aws_security_group_rule" "tcp_ingress" {
   to_port           = var.port
   protocol          = "tcp"
   cidr_blocks       = var.cidr_blocks
+  ipv6_cidr_blocks  = var.ipv6_cidr_blocks
   security_group_id = var.security_group_id
 }
 
@@ -65,5 +72,6 @@ resource "aws_security_group_rule" "udp_ingress" {
   to_port           = var.port
   protocol          = "udp"
   cidr_blocks       = var.cidr_blocks
+  ipv6_cidr_blocks  = var.ipv6_cidr_blocks
   security_group_id = var.security_group_id
 }