Merge pull request #17 from silinternational/ipv6

add IPv6 option
silinternational · Dec 2, 2024 · 1ee31b1 · 1ee31b1
2 parents 17b7beb + b686804
commit 1ee31b1
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 14 deletions.
diff --git a/main.tf b/main.tf
@@ -2,7 +2,6 @@ locals {
   app_name_and_env = "${var.app_name}-${local.app_env}"
   app_env          = var.app_env
 
-  db_host     = module.rds.address
   db_password = random_password.db_root.result
 
   account = data.aws_caller_identity.this.account_id
@@ -65,7 +64,6 @@ resource "aws_iam_user_policy" "cd" {
         Action = [
           "ecs:ListTasks",
         ]
-        "Effect" : "Allow",
         "Condition" : {
           "ArnEquals" : {
             "ecs:cluster" : "arn:aws:ecs:*:${local.account}:cluster/${module.ecsasg.ecs_cluster_name}"

diff --git a/variables.tf b/variables.tf
@@ -146,6 +146,18 @@ variable "default_cert_domain_name" {
   type        = string
 }
 
+variable "disable_public_ipv4" {
+  description = "Set to true to remove the public IPv4 addresses from the ALB. Requires enable_ipv6 = true"
+  type        = bool
+  default     = false
+}
+
+variable "enable_ipv6" {
+  description = "Set to true to enable IPV6 in the ALB and VPC"
+  type        = bool
+  default     = false
+}
+
 variable "health_check" {
   description = "Elastic Load Balancer health check configuration"
   type        = map(string)

diff --git a/vpc.tf b/vpc.tf
@@ -6,9 +6,10 @@ module "vpc" {
   source  = "silinternational/vpc/aws"
   version = "~> 1.0"
 
-  app_name  = var.app_name
-  app_env   = var.app_env
-  aws_zones = var.aws_zones
+  app_name    = var.app_name
+  app_env     = var.app_env
+  aws_zones   = var.aws_zones
+  enable_ipv6 = var.enable_ipv6
 }
 
 /*
@@ -91,15 +92,19 @@ data "aws_acm_certificate" "default" {
  * Create application load balancer for public access
  */
 module "alb" {
-  source          = "github.com/silinternational/terraform-modules//aws/alb?ref=8.13.3"
-  app_name        = var.app_name
-  app_env         = var.app_env
-  internal        = "false"
-  vpc_id          = module.vpc.id
-  security_groups = [module.vpc.vpc_default_sg_id, module.cloudflare-sg.id]
-  subnets         = module.vpc.public_subnet_ids
-  certificate_arn = data.aws_acm_certificate.default.arn
-  tg_name         = "default-${var.app_name}-${var.app_env}"
+  source  = "silinternational/alb/aws"
+  version = "~> 1.1"
+
+  app_name            = var.app_name
+  app_env             = var.app_env
+  enable_ipv6         = var.enable_ipv6
+  disable_public_ipv4 = var.disable_public_ipv4
+  internal            = "false"
+  vpc_id              = module.vpc.id
+  security_groups     = [module.vpc.vpc_default_sg_id, module.cloudflare-sg.id]
+  subnets             = module.vpc.public_subnet_ids
+  certificate_arn     = data.aws_acm_certificate.default.arn
+  tg_name             = "default-${var.app_name}-${var.app_env}"
 }
 
 /*
@@ -121,4 +126,5 @@ module "ecsasg" {
   use_amazon_linux2     = true
   instance_type         = var.instance_type
   tags                  = var.asg_tags
+  enable_ipv6           = var.enable_ipv6
 }