[aws] open-port doesn't allow IPv6 connections

Juju does not support IPv6 yet.

Still biting us. Would be nice to at least just add a secgroup to allow connections from '::/0', so Ipv6Ranges and CidrIpv6 in addition to IpRanges and CidrIp.

At the moment, we're using the AWS CLI to work around this. The commands are:

| aws ec2 describe-instances --filters "Name=tag:juju-units-deployed,Values=content-cache/*" --query 'Reservations[*].Instances[*].SecurityGroups[*]' --output table | awk '/juju-.*-[[:digit:]]*[[:space:]]/ { print $2 }'

These are for units deployed as 'content-cache'. It will then give a list of secgroup IDs which you iterate through and add the missing rules:

| aws ec2 authorize-security-group-ingress --group-id $SECGROUP_ID --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,Ipv6Ranges='[{CidrIpv6=::/0,Description="Work around LP:1709312"}]'

You'll need to re-run these commands after each environment change, such as adding or removing of units and applications.

Ran into this issue again today when adding some additional apache units into aws, this would be a nice feature to have.

Similar one for OpenStack filed back in 2017, LP:1709312

I think hloeung means LP:1666537

Ah yes, LP:1666537.

This has technically been working for a while. PR below just enshrines the behavior a bit better.

PR: https://bugs.launchpad.net/juju/+bug/1709312