add AWS VPC IPAM resources and update load balancer configuration for IPAM pools

dvrkni · dvrkni · commit bd2e9c311c31 · 2025-04-16T13:46:34.000+03:00
diff --git a/README.md b/README.md
@@ -411,6 +411,7 @@ No modules.
 | <a name="input_idle_timeout"></a> [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: `60` | `number` | `null` | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | If true, the LB will be internal. Defaults to `false` | `bool` | `null` | no |
 | <a name="input_ip_address_type"></a> [ip\_address\_type](#input\_ip\_address\_type) | The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack` | `string` | `null` | no |
+| <a name="input_ipam_pools"></a> [ipam\_pools](#input\_ipam\_pools) | The IPAM pools to use with the load balancer | `map(string)` | `{}` | no |
 | <a name="input_listeners"></a> [listeners](#input\_listeners) | Map of listener configurations to create | `any` | `{}` | no |
 | <a name="input_load_balancer_type"></a> [load\_balancer\_type](#input\_load\_balancer\_type) | The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application` | `string` | `"application"` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen | `string` | `null` | no |
diff --git a/examples/complete-alb/README.md b/examples/complete-alb/README.md
@@ -54,6 +54,9 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_cognito_user_pool_domain.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_domain) | resource |
 | [aws_instance.other](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
 | [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
+| [aws_vpc_ipam.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource |
+| [aws_vpc_ipam_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |
+| [aws_vpc_ipam_pool_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource |
 | [null_resource.download_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_string.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
diff --git a/examples/complete-alb/main.tf b/examples/complete-alb/main.tf
@@ -67,6 +67,10 @@ module "alb" {
     prefix  = "connection-logs"
   }
 
+  ipam_pools = {
+    ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id
+  }
+
   client_keep_alive = 7200
 
   listeners = {
@@ -660,3 +664,28 @@ module "log_bucket" {
 
   tags = local.tags
 }
+
+##################################################################
+# AWS VPC IPAM
+##################################################################
+
+resource "aws_vpc_ipam" "this" {
+  operating_regions {
+    region_name = local.region
+  }
+}
+
+resource "aws_vpc_ipam_pool" "this" {
+  address_family                    = "ipv4"
+  ipam_scope_id                     = aws_vpc_ipam.this.public_default_scope_id
+  locale                            = local.region
+  allocation_default_netmask_length = 30
+
+  public_ip_source = "amazon"
+  aws_service      = "ec2"
+}
+
+resource "aws_vpc_ipam_pool_cidr" "this" {
+  ipam_pool_id   = aws_vpc_ipam_pool.this.id
+  netmask_length = 30
+}
diff --git a/main.tf b/main.tf
@@ -31,6 +31,13 @@ resource "aws_lb" "this" {
     }
   }
 
+  dynamic "ipam_pools" {
+    for_each = length(var.ipam_pools) > 0 ? [var.ipam_pools] : []
+    content {
+      ipv4_ipam_pool_id = ipam_pools.value.ipv4_ipam_pool_id
+    }
+  }
+
   client_keep_alive                                            = var.client_keep_alive
   customer_owned_ipv4_pool                                     = var.customer_owned_ipv4_pool
   desync_mitigation_mode                                       = var.desync_mitigation_mode
diff --git a/variables.tf b/variables.tf
@@ -26,6 +26,12 @@ variable "connection_logs" {
   default     = {}
 }
 
+variable "ipam_pools" {
+  description = "The IPAM pools to use with the load balancer"
+  type        = map(string)
+  default     = {}
+}
+
 variable "client_keep_alive" {
   description = "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds."
   type        = number

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,13 @@ resource "aws_lb" "this" {`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
	`34`	`+ dynamic "ipam_pools" {`
	`35`	`+ for_each = length(var.ipam_pools) > 0 ? [var.ipam_pools] : []`
	`36`	`+ content {`
	`37`	`+ ipv4_ipam_pool_id = ipam_pools.value.ipv4_ipam_pool_id`
	`38`	`+ }`
	`39`	`+ }`
	`40`	`+`
`34`	`41`	`client_keep_alive = var.client_keep_alive`
`35`	`42`	`customer_owned_ipv4_pool = var.customer_owned_ipv4_pool`
`36`	`43`	`desync_mitigation_mode = var.desync_mitigation_mode`