fix ipv6 support

Author: AndreiOmelchenko

common/run_config.go

@@ -566,10 +566,10 @@ type RunConfig struct {
 	Placement Placement `mapstructure:"placement" required:"false"`
 	// Deprecated: Use Placement Tenancy instead.
 	Tenancy string `mapstructure:"tenancy" required:"false"`
-	// A list of IPv4 CIDR blocks to be authorized access to the instance, when
+	// A list of IPv4/IPv6 CIDR blocks to be authorized access to the instance, when
 	// packer is creating a temporary security group.
 	//
-	// The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source).
+	// The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source) and if ssh_interface is set as "ipv6" the default is [`::/0`] (i.e., allow any IPv6 source).
 	// Use `temporary_security_group_source_public_ip` to allow current host's
 	// public IP instead of any IPv4 source.
 	// This is only used when `security_group_id` or `security_group_ids` is not
@@ -650,7 +650,7 @@ type RunConfig struct {
 	// Communicator settings
 	Comm communicator.Config `mapstructure:",squash"`
 
-	// One of `public_ip`, `private_ip`, `public_dns`, `private_dns` or `session_manager`.
+	// One of `public_ip`, `private_ip`, `public_dns`, `private_dns`, `ipv6` or `session_manager`.
 	//    If set, either the public IP address, private IP address, public DNS name
 	//    or private DNS name will be used as the host for SSH. The default behaviour
 	//    if inside a VPC is to use the public IP address if available, otherwise
@@ -662,6 +662,10 @@ type RunConfig struct {
 	//    `<region>.compute.internal` included in the `NO_PROXY` environment
 	//    variable.
 	//
+	//	  When using `ipv6` the VPC and subnet must be configured to support IPv6.
+	//	  The default VPC and subnets do not have ipv6 configured by default.
+	//	  Refer: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6-add.html
+	//
 	//    When using `session_manager` the machine running Packer must have
 	//	  the AWS Session Manager Plugin installed and within the users' system path.
 	//    Connectivity via the `session_manager` interface establishes a secure tunnel
@@ -777,6 +781,7 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		c.SSHInterface != "private_ip" &&
 		c.SSHInterface != "public_dns" &&
 		c.SSHInterface != "private_dns" &&
+		c.SSHInterface != "ipv6" &&
 		c.SSHInterface != "session_manager" &&
 		c.SSHInterface != "" {
 		errs = append(errs, fmt.Errorf("Unknown interface type: %s", c.SSHInterface))
@@ -865,7 +870,11 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 	}
 
 	if len(c.TemporarySGSourceCidrs) == 0 && !c.TemporarySGSourcePublicIp {
-		c.TemporarySGSourceCidrs = []string{"0.0.0.0/0"}
+		if c.SSHInterface == "ipv6" {
+			c.TemporarySGSourceCidrs = []string{"::/0"}
+		} else {
+			c.TemporarySGSourceCidrs = []string{"0.0.0.0/0"}
+		}
 	} else {
 		for _, cidr := range c.TemporarySGSourceCidrs {
 			if _, _, err := net.ParseCIDR(cidr); err != nil {

common/ssh.go

@@ -60,6 +60,10 @@ func SSHHost(ctx context.Context, e ec2Describer, sshInterface string, host stri
 					if i.PrivateDnsName != nil {
 						host = *i.PrivateDnsName
 					}
+				case "ipv6":
+					if i.Ipv6Address != nil {
+						host = *i.Ipv6Address
+					}
 				default:
 					panic(fmt.Sprintf("Unknown interface type: %s", sshInterface))
 				}

common/step_security_group.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"net"
 	"strings"
 	"time"
 
@@ -177,11 +178,25 @@ func (s *StepSecurityGroup) Run(ctx context.Context, state multistep.StateBag) m
 	// map the list of temporary security group CIDRs bundled with config to
 	// types expected by EC2.
 	groupIpRanges := []ec2types.IpRange{}
+	groupIpv6Ranges := []ec2types.Ipv6Range{}
 	for _, cidr := range temporarySGSourceCidrs {
-		ipRange := ec2types.IpRange{
-			CidrIp: aws.String(cidr),
+		_, ipNet, err := net.ParseCIDR(cidr)
+		if err != nil {
+			ui.Error(err.Error())
+			state.Put("error", err)
+			return multistep.ActionHalt
+		}
+		if ipNet.IP.To4() != nil {
+			// IPv4 CIDR
+			groupIpRanges = append(groupIpRanges, ec2types.IpRange{
+				CidrIp: aws.String(cidr),
+			})
+		} else {
+			// IPv6 CIDR
+			groupIpv6Ranges = append(groupIpv6Ranges, ec2types.Ipv6Range{
+				CidrIpv6: aws.String(cidr),
+			})
 		}
-		groupIpRanges = append(groupIpRanges, ipRange)
 	}
 
 	// Set some state data for use in future steps
@@ -199,6 +214,7 @@ func (s *StepSecurityGroup) Run(ctx context.Context, state multistep.StateBag) m
 			{
 				FromPort:   aws.Int32(int32(port)),
 				ToPort:     aws.Int32(int32(port)),
+				Ipv6Ranges: groupIpv6Ranges,
 				IpRanges:   groupIpRanges,
 				IpProtocol: aws.String("tcp"),
 			},