terraform-aws-modules · sribiere-jellysmack · Aug 8, 2024 · Aug 8, 2024 · Aug 9, 2024 · Aug 9, 2024
diff --git a/README.md b/README.md
@@ -254,9 +254,10 @@ module "lambda_function_in_vpc" {
 
   source_path = "../fixtures/python-app1"
 
-  vpc_subnet_ids         = module.vpc.intra_subnets
-  vpc_security_group_ids = [module.vpc.default_security_group_id]
-  attach_network_policy = true
+  vpc_subnet_ids              = module.vpc.intra_subnets
+  vpc_security_group_ids      = [module.vpc.default_security_group_id]
+  attach_network_policy       = true
+  ipv6_allowed_for_dual_stack = true
 }
 
 module "vpc" {
@@ -804,6 +805,7 @@ No modules.
 | <a name="input_image_config_working_directory"></a> [image\_config\_working\_directory](#input\_image\_config\_working\_directory) | The working directory for the docker image | `string` | `null` | no |
 | <a name="input_image_uri"></a> [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. | `string` | `null` | no |
 | <a name="input_invoke_mode"></a> [invoke\_mode](#input\_invoke\_mode) | Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE\_STREAM. | `string` | `null` | no |
+| <a name="input_ipv6_allowed_for_dual_stack"></a> [ipv6\_allowed\_for\_dual\_stack](#input\_ipv6\_allowed\_for\_dual\_stack) | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false. | `bool` | `false` | no |
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no |
 | <a name="input_lambda_at_edge"></a> [lambda\_at\_edge](#input\_lambda\_at\_edge) | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |
 | <a name="input_lambda_at_edge_logs_all_regions"></a> [lambda\_at\_edge\_logs\_all\_regions](#input\_lambda\_at\_edge\_logs\_all\_regions) | Whether to specify a wildcard in IAM policy used by Lambda@Edge to allow logging in all regions | `bool` | `true` | no |

diff --git a/examples/with-vpc/main.tf b/examples/with-vpc/main.tf
@@ -23,6 +23,7 @@ module "lambda_function_in_vpc" {
 
   vpc_subnet_ids                     = module.vpc.intra_subnets
   vpc_security_group_ids             = [module.vpc.default_security_group_id]
+  ipv6_allowed_for_dual_stack        = true
   attach_network_policy              = true
   replace_security_groups_on_destroy = true
   replacement_security_group_ids     = [module.vpc.default_security_group_id]

diff --git a/main.tf b/main.tf
@@ -91,8 +91,9 @@ resource "aws_lambda_function" "this" {
   dynamic "vpc_config" {
     for_each = var.vpc_subnet_ids != null && var.vpc_security_group_ids != null ? [true] : []
     content {
-      security_group_ids = var.vpc_security_group_ids
-      subnet_ids         = var.vpc_subnet_ids
+      security_group_ids          = var.vpc_security_group_ids
+      subnet_ids                  = var.vpc_subnet_ids
+      ipv6_allowed_for_dual_stack = var.ipv6_allowed_for_dual_stack
     }
   }
 

diff --git a/variables.tf b/variables.tf
@@ -176,6 +176,12 @@ variable "vpc_security_group_ids" {
   default     = null
 }
 
+variable "ipv6_allowed_for_dual_stack" {
+  description = "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A map of tags to assign to resources."
   type        = map(string)

diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -68,6 +68,7 @@ module "wrapper" {
   image_config_working_directory               = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null)
   image_uri                                    = try(each.value.image_uri, var.defaults.image_uri, null)
   invoke_mode                                  = try(each.value.invoke_mode, var.defaults.invoke_mode, null)
+  ipv6_allowed_for_dual_stack                  = try(each.value.ipv6_allowed_for_dual_stack, var.defaults.ipv6_allowed_for_dual_stack, false)
   kms_key_arn                                  = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null)
   lambda_at_edge                               = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false)
   lambda_at_edge_logs_all_regions              = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true)