From d10189df7a49d52a5a82b5daf6675dda6aac897a66ae68d6d3d37bfc80df9321 Mon Sep 17 00:00:00 2001
From: xpk <xpk@headdesk.me>
Date: Thu, 19 Feb 2026 18:12:58 +0800
Subject: [PATCH] feat: added ipv6 support to egress sg rule

---
 modules/compute/security_group/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/compute/security_group/main.tf b/modules/compute/security_group/main.tf
index efb84c3..9119126 100644
--- a/modules/compute/security_group/main.tf
+++ b/modules/compute/security_group/main.tf
@@ -32,7 +32,8 @@ resource "aws_vpc_security_group_egress_rule" "egress-rules" {
   ip_protocol                  = split(",", each.value)[0]
   from_port                    = split(",", each.value)[1]
   to_port                      = split(",", each.value)[2]
-  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  cidr_ipv4                    = can(regex("^([0-9]+\\.){3}[0-9]+\\/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null # substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  cidr_ipv6                    = strcontains(split(",", each.value)[3], "::") ? split(",", each.value)[3] : null
   referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
   prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
   description                  = split(",", each.value)[4]