Description
Hi.
Thanks for the vpc module, it makes it pretty easy to set up quite uniform and standardized setups. And with less code than manual resources.
But there is a bit of inflexibility when adding LocalZones.
We have a number of VPCs in various regions. Usually with subnets in all 3-5 AZs. Most of them do have IPv6 enabled, with a single IPv6 CIDR per VPC.
We now wanted to expand one of these VPCs with extra local zones in that region. That is, to make a single VPC span multiple network border groups.
But, because IPv6 is global unicast, and each CIDR IPv6 prefix is associated with a single network border group (makes sense), we cannot just add extra azids of LocalZones to the existing VPC, as creating subnets there with the same parent CIDR IPv6 prefix will cause an issue (they are in the wrong network border group).
Of course we can create these LocalZone subnets manually, but also route tables, route associations, and also plug them manually into transit gateways, etc.
It would be nice to have more flexibility in the vpc module:
- Be able to disable IPv6 in some subnets
- Be able to add extra CIDRs with a different network border group, and tell which subnets use which CIDR (i.e. by default to use a default / primary CIDR, but have an override for LocalZones, for example).
Regards.
@aneagoe FYI