From 2f9dd5dc99e2cbe076c6d7de63f1933dc2abeb1baa9912fdbf0232384efc0463 Mon Sep 17 00:00:00 2001
From: xpk <xpk@headdesk.me>
Date: Thu, 19 Feb 2026 18:14:24 +0800
Subject: [PATCH] feat: added ipv6 support for ingress sg rule

---
 modules/compute/security_group/main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/compute/security_group/main.tf b/modules/compute/security_group/main.tf
index 9119126..190434a 100644
--- a/modules/compute/security_group/main.tf
+++ b/modules/compute/security_group/main.tf
@@ -20,7 +20,8 @@ resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
   ip_protocol                  = split(",", each.value)[0]
   from_port                    = split(",", each.value)[1]
   to_port                      = split(",", each.value)[2]
-  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  cidr_ipv4                    = can(regex("^([0-9]+\\.){3}[0-9]+\\/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null
+  cidr_ipv6                    = strcontains(split(",", each.value)[3], "::") ? split(",", each.value)[3] : null
   referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
   prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
   description                  = split(",", each.value)[4]
@@ -32,7 +33,7 @@ resource "aws_vpc_security_group_egress_rule" "egress-rules" {
   ip_protocol                  = split(",", each.value)[0]
   from_port                    = split(",", each.value)[1]
   to_port                      = split(",", each.value)[2]
-  cidr_ipv4                    = can(regex("^([0-9]+\\.){3}[0-9]+\\/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null # substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  cidr_ipv4                    = can(regex("^([0-9]+\\.){3}[0-9]+\\/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null
   cidr_ipv6                    = strcontains(split(",", each.value)[3], "::") ? split(",", each.value)[3] : null
   referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
   prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null