Add BYOIP usage support to VPCs #17425
Comments
Support for a
See #8876 for partial fix to this.
Related #21998. Need to scope the effort to finish BYOIP.
You can achieve this by using Terraform to provision a CloudFormation stack with an AWS::EC2::VPCCidrBlock resource, e.g.

```hcl
resource "aws_cloudformation_stack" "ipv6" {
  name = "terraform-cf"
  parameters = {
    IPv6Cidr   = local.ipv6_cidr
    IPv6Poolid = local.ipv6_pool_id
    VpcId      = local.vpc_id
  }
  template_body = <<STACK
{
  "Parameters": {
    "IPv6Cidr": {
      "Type": "String",
      "Description": "Enter the IPv6 CIDR block for the VPC."
    },
    "IPv6Poolid": {
      "Type": "String",
      "Description": "Enter the IPv6 Pool ID for the CIDR block."
    },
    "VpcId": {
      "Type": "String",
      "Description": "Enter the VPC ID."
    }
  },
  "Resources": {
    "myVpc": {
      "Type": "AWS::EC2::VPCCidrBlock",
      "Properties": {
        "Ipv6CidrBlock": {
          "Ref": "IPv6Cidr"
        },
        "Ipv6Pool": {
          "Ref": "IPv6Poolid"
        },
        "VpcId": {
          "Ref": "VpcId"
        }
      }
    }
  }
}
STACK
}
```

Then ensure you include a
I didn't see it on the list. But I would like the ability to start advertising the BYOIP CIDR. You can currently bring it into IPAM. But you cannot advertise it in Terraform.
Community Note
Description
There are a variety of components that need to be added and updated to allow for the creation of VPCs when using BYOIP, especially since the support for IPv6 BYOIP was added. This feature request only defines the changes needed to utilise the BYOIP blocks, not the loading and activation of the BYOIP blocks (as such we exclude the provision-byoip-cidr, advertise-byoip-cidr, and withdraw-byoip-cidr CLI command functionality).
User Stories
This last user story allows us to deal with certain network applications that do not function well behind NAT connections: by creating a VPC with the same network range as your public range, you can then trick the application into thinking it is not behind NAT.
Let's say you have 1.2.3.0/24 as your BYOIP block; you create a VPC that also has 1.2.3.0/24 as its subnet, then you can spin up instances inside that VPC that have IPs in this IP range on the EC2 instance. By then allocating an EIP with the exact same IP to these instances, to the world and the application they all believe they are on this IP and the network traffic gets routed correctly. (It looks crazy but it works.)
New or Affected Resource(s)
Potential Terraform Configuration
References
BYOIP
aws_vpc change:
aws_vpc_ipv6_pools addition:
aws_vpc_public_ipv4_pools addition:
aws_vpc_ipv6_cidr_block_association addition:
aws_eip change: