    Network ACLs (#238) · 65b893a6
    Anton Babenko authored
    * Add variables for network ACLs
    
    Add variables for specifying network ACLs for public, private, and
    intra subnets. The ACLs are defined in a list, with sets of seven
    elements for the rule number, rule action, from port, to port,
    protocol, and cidr block.
    
    * Add variables for network ACL tags
    
    Add variables to specify additional tags for public, private, and intra
    network ACL resources.
    
    * Add resources for network ACLs
    
    Add aws_network_acl and aws_network_acl_rule resources to specify
    inbound and outbound network ACL rules for public, private, and intra
    subnets.
    
    * Add resource for default network ACL
    
    Add an aws_default_network_acl resource to adopt the default network ACL
    in the VPC.
    
    * Adjust spacing to match code style
    
    Remove the empty lines after comment blocks for network ACLs to match
    the style of the rest of this module.
    
    * Copy simple-vpc example as network-acls
    
    Copy the simple-vpc example and adapt it to demonstrate the
    configuration of network ACLs. A set of inbound and outbound ACLs is
    specified in main.tf.
    
    * Rename variables from _acls to _acl_rules
    
    Clarify the variables for specifying ACL rules by renaming them from
    *_acls to *_acl_rules. The values are used to create rules, not create
    ACLs.
    
    * Add nacl resources and variables for other subnets
    
    Add aws_network_acl and aws_network_acl_rule resources for database,
    redshift, and elasticache subnets, along with corresponding variables.
    This provides network ACL coverage to all subnet types produced by this
    module.
    
    * Create ACLs only if there are subnets
    
    For each subnet type, only create ACL resources if there are subnets
    defined. For example, if database_subnets is empty, then don't create
    ACL resources for database subnets.
    
    * Add missing variables for ACL tags
    
    Add the missing variable declarations for database_acl_tags,
    redshift_acl_tags, and elasticache_acl_tags.
    
    * Make ACL singular in description for _acl_tags
    
    A single ACL is created for each of the subnet types. Update the
    variable descriptions to reflect this.
    
    * Convert rules to nested list of maps
    
    Convert the NACL rule specifications from a list of lists to a list of
    maps, as suggested by @jczerniak. This improves the readability of
    rules.
    
    * Restructure example config to use locals
    
    Restructure the network ACL rules in the network-acls example to use
    local variables to specify the rules, split between default and custom
    rules.
    
    * Follow-up for #174
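The nested list-of-maps rule format and the locals layout described in the commit message, as an added Terraform example that is not the module's own example or code from this commit; the variable names `public_inbound_acl_rules` / `public_outbound_acl_rules`, the map keys, and the registry source path are assumed to match the module's interface, and all CIDRs and AZs are constructed sample values.

```hcl
# Added example (not the module's own code): public subnet network ACL rules
# expressed as the nested list of maps described in the commit message.
# Variable names, map keys and the module source are assumed to match the module.
locals {
  network_acls = {
    # Default rules shared by every ACL. Network ACLs are stateless, so
    # return traffic on ephemeral ports has to be allowed explicitly.
    default_inbound = [
      { rule_number = 900, rule_action = "allow", from_port = 1024, to_port = 65535, protocol = "tcp", cidr_block = "0.0.0.0/0" },
    ]
    default_outbound = [
      { rule_number = 900, rule_action = "allow", from_port = 1024, to_port = 65535, protocol = "tcp", cidr_block = "0.0.0.0/0" },
    ]
    # Custom rules for the public subnets. AWS evaluates rules in ascending
    # rule_number order and stops at the first match; anything unmatched is
    # dropped by the implicit final deny, so only the listed ports are reachable.
    public_inbound = [
      { rule_number = 100, rule_action = "allow", from_port = 443, to_port = 443, protocol = "tcp", cidr_block = "0.0.0.0/0" },
      # 203.0.113.0/24 is a constructed placeholder for an administrative network.
      { rule_number = 110, rule_action = "allow", from_port = 22, to_port = 22, protocol = "tcp", cidr_block = "203.0.113.0/24" },
    ]
    public_outbound = [
      { rule_number = 100, rule_action = "allow", from_port = 443, to_port = 443, protocol = "tcp", cidr_block = "0.0.0.0/0" },
    ]
  }
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws" # assumed registry path for this module

  # Constructed sample values.
  name           = "network-acls-example"
  cidr           = "10.0.0.0/16"
  azs            = ["eu-west-1a", "eu-west-1b"]
  public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]

  # concat() joins the custom and default lists into one value per direction.
  # List order does not matter: evaluation order is determined by rule_number,
  # which must be unique within each direction of an ACL.
  public_inbound_acl_rules  = concat(local.network_acls["public_inbound"], local.network_acls["default_inbound"])
  public_outbound_acl_rules = concat(local.network_acls["public_outbound"], local.network_acls["default_outbound"])
}
```

Leaving gaps between rule numbers (100, 110, 900) makes it possible to insert a more specific rule later without renumbering, and running `terraform plan` shows each map as its own aws_network_acl_rule before anything is applied.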