cloudposse · johnseekins-pathccm · Dec 5, 2024 · Dec 5, 2024 · Dec 9, 2024 · Dec 9, 2024
@@ -135,9 +135,9 @@ locals {
   ipv6_egress_only_configured = local.ipv6_enabled && length(var.ipv6_egress_only_igw_id) > 0
 
   public4_enabled  = local.public_enabled && local.ipv4_enabled
-  public6_enabled  = local.public_enabled && local.ipv6_enabled
+  public6_enabled  = local.public_enabled && local.ipv6_enabled && ! var.disable_public_ipv6
   private4_enabled = local.private_enabled && local.ipv4_enabled
-  private6_enabled = local.private_enabled && local.ipv6_enabled
+  private6_enabled = local.private_enabled && local.ipv6_enabled && ! var.disable_private_ipv6
 
   public_dns64_enabled = local.public6_enabled && var.public_dns64_nat64_enabled
   # Set the default for private_dns64_enabled to true unless there is no IPv4 egress to enable it.

@@ -102,6 +102,20 @@ variable "ipv6_enabled" {
   nullable    = false
 }
 
+variable "disable_private_ipv6" {
+  type        = bool
+  description = "Set `true` to disable IPv6 addresses in private subnets"
+  default     = false
+  nullable    = false
+}
+
+variable "disable_public_ipv6" {
+  type        = bool
+  description = "Set `true` to disable IPv6 addresses in public subnets"
+  default     = false
+  nullable    = false
+}
+
 variable "ipv4_cidr_block" {
   type        = list(string)
   description = <<-EOT