diff --git a/README.md b/README.md
index dbbf0fb1..af7abf44 100644
--- a/README.md
+++ b/README.md
@@ -254,9 +254,10 @@ module "lambda_function_in_vpc" {
source_path = "../fixtures/python-app1"
- vpc_subnet_ids = module.vpc.intra_subnets
- vpc_security_group_ids = [module.vpc.default_security_group_id]
- attach_network_policy = true
+ vpc_subnet_ids = module.vpc.intra_subnets
+ vpc_security_group_ids = [module.vpc.default_security_group_id]
+ attach_network_policy = true
+ ipv6_allowed_for_dual_stack = true
}
module "vpc" {
@@ -804,6 +805,7 @@ No modules.
| [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no |
| [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no |
| [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no |
+| [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false. | `bool` | `false` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no |
| [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |
| [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no |
diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf
index d373d724..4514fb17 100644
--- a/examples/with-vpc/main.tf
+++ b/examples/with-vpc/main.tf
@@ -23,6 +23,7 @@ module "lambda_function_in_vpc" {
vpc_subnet_ids = module.vpc.intra_subnets
vpc_security_group_ids = [module.vpc.default_security_group_id]
+ ipv6_allowed_for_dual_stack = true
attach_network_policy = true
replace_security_groups_on_destroy = true
replacement_security_group_ids = [module.vpc.default_security_group_id]
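Review bot: The added `ipv6_allowed_for_dual_stack = true` assumes that `module.vpc.intra_subnets` are dual-stack, but nothing in this hunk shows it, and the `module "vpc"` block lies outside the hunk. If those subnets have no IPv6 CIDR, the setting presumably has no effect or is rejected on apply, so the example should enable IPv6 on the VPC module or leave the flag off. The function also uses `module.vpc.default_security_group_id`, so its IPv6 egress is whatever that default group allows. A comment above the new line would make both points explicit: `# requires IPv6-enabled (dual-stack) subnets; outbound IPv6 is governed by the security group's IPv6 egress rules`.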
diff --git a/main.tf b/main.tf
index fc231abe..3f3023c1 100644
--- a/main.tf
+++ b/main.tf
@@ -92,8 +92,9 @@ resource "aws_lambda_function" "this" {
dynamic "vpc_config" {
for_each = var.vpc_subnet_ids != null && var.vpc_security_group_ids != null ? [true] : []
content {
- security_group_ids = var.vpc_security_group_ids
- subnet_ids = var.vpc_subnet_ids
+ security_group_ids = var.vpc_security_group_ids
+ subnet_ids = var.vpc_subnet_ids
+ ipv6_allowed_for_dual_stack = var.ipv6_allowed_for_dual_stack
}
}
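Review bot: `var.ipv6_allowed_for_dual_stack` on the added line in `vpc_config` is not declared anywhere in this commit. variables.tf adds the variable as `vpc_ipv6_allowed_for_dual_stack`, so the module should fail validation with a reference to an undeclared input variable. The README input table, the README and examples/with-vpc usage, and wrappers/main.tf all use `ipv6_allowed_for_dual_stack`, so the declaration is the odd one out. Rename it in variables.tf to `variable "ipv6_allowed_for_dual_stack" {`. The `aws_lambda_function` resource body continues outside this hunk.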
diff --git a/variables.tf b/variables.tf
index 829019c7..a651afb9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -176,6 +176,12 @@ variable "vpc_security_group_ids" {
default = null
}
+variable "vpc_ipv6_allowed_for_dual_stack" {
+ description = "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false."
+ type = bool
+ default = false
+}
+
variable "tags" {
description = "A map of tags to assign to resources."
type = map(string)
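Review bot: The description on the new variable says it opens an outbound IPv6 path but not what an operator should check before enabling it. Egress monitoring and filtering built around the IPv4 path (NAT or firewall inspection, IPv4-only network ACL entries, flow-log alerting) may not cover IPv6 traffic from the function. I would extend the text to `description = "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Review security group and network ACL IPv6 egress rules before enabling. Default is false."` and regenerate the README input row to match.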
diff --git a/wrappers/main.tf b/wrappers/main.tf
index 72695c41..e7518485 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -68,6 +68,7 @@ module "wrapper" {
image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null)
image_uri = try(each.value.image_uri, var.defaults.image_uri, null)
invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null)
+ ipv6_allowed_for_dual_stack = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, false)
kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null)
lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false)
lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true)