Added support for ICMP rules in Network ACL (#286)

* Added icmp_code and icmp_type values to non default acl rules.

* Added support for both ICMP and non-ICMP rules in NACL

examples/network-acls/README.md

 # Simple VPC with Network ACLs
 
-Configuration in this directory creates set of VPC resources along with network ACLs for public subnets.
-
-There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones.
+Configuration in this directory creates set of VPC resources along with network ACLs for several subnets.
 
 Network ACL rules for inbound and outbound traffic are defined as the following:
-1. Public subnets will have network ACL rules provided
+1. Public and elasticache subnets will have network ACL rules provided
 1. Private subnets will be associated with the default network ACL rules (IPV4-only ingress and egress is open for all)
-1. Elasticache subnets will use the default network ACL (created and managed by AWS)
 
 ## Usage
 
@@ -28,6 +25,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 |------|-------------|
 | default\_network\_acl\_id | The ID of the default network ACL |
 | elasticache\_network\_acl\_id | ID of the elasticache network ACL |
+| module\_vpc | Module VPC |
 | nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
 | private\_network\_acl\_id | ID of the private network ACL |
 | private\_subnets | List of IDs of private subnets |

examples/network-acls/main.tf

@@ -23,8 +23,13 @@ module "vpc" {
     local.network_acls["default_outbound"],
     local.network_acls["public_outbound"],
   )
+  elasticache_outbound_acl_rules = concat(
+    local.network_acls["default_outbound"],
+    local.network_acls["elasticache_outbound"],
+  )
 
-  private_dedicated_network_acl = true
+  private_dedicated_network_acl     = true
+  elasticache_dedicated_network_acl = true
 
   enable_ipv6 = true
 
@@ -134,6 +139,40 @@ locals {
         protocol    = "tcp"
         cidr_block  = "10.0.100.0/22"
       },
+      {
+        rule_number = 140
+        rule_action = "allow"
+        icmp_code   = -1
+        icmp_type   = 8
+        protocol    = "icmp"
+        cidr_block  = "10.0.0.0/22"
+      },
+    ]
+    elasticache_outbound = [
+      {
+        rule_number = 100
+        rule_action = "allow"
+        from_port   = 80
+        to_port     = 80
+        protocol    = "tcp"
+        cidr_block  = "0.0.0.0/0"
+      },
+      {
+        rule_number = 110
+        rule_action = "allow"
+        from_port   = 443
+        to_port     = 443
+        protocol    = "tcp"
+        cidr_block  = "0.0.0.0/0"
+      },
+      {
+        rule_number = 140
+        rule_action = "allow"
+        icmp_code   = -1
+        icmp_type   = 12
+        protocol    = "icmp"
+        cidr_block  = "10.0.0.0/22"
+      },
     ]
   }
 }

examples/network-acls/outputs.tf

@@ -53,3 +53,7 @@ output "default_network_acl_id" {
   value       = module.vpc.default_network_acl_id
 }
 
+output "module_vpc" {
+  description = "Module VPC"
+  value       = module.vpc
+}