fix: Resource aws_default_network_acl orphaned subnet_ids (#530)

8634bcda · Jeremy Ciak · GitHub · 2179d203 · 8634bcda · 8634bcda
Commit 8634bcda authored Oct 21, 2020 by Jeremy Ciak Committed by GitHub Oct 21, 2020
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 2 deletions

main.tf examples/network-acls/main.tf +3 -2

main.tf main.tf +21 -0

No files found.
--- a/examples/network-acls/main.tf
+++ b/examples/network-acls/main.tf
@@ -28,9 +28,11 @@ module "vpc" {
    local.network_acls["elasticache_outbound"],
  )

-  private_dedicated_network_acl     = true
+  private_dedicated_network_acl     = false
  elasticache_dedicated_network_acl = true

+  manage_default_network_acl = true
+
  enable_ipv6 = true

  enable_nat_gateway = false
@@ -200,4 +202,3 @@ locals {
    ]
  }
 }
-
--- a/main.tf
+++ b/main.tf
@@ -534,6 +534,27 @@ resource "aws_default_network_acl" "this" {

  default_network_acl_id = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0)

+  # The value of subnet_ids should be any subnet IDs that are not set as subnet_ids
+  #   for any of the non-default network ACLs
+  subnet_ids = setsubtract(
+    compact(flatten([
+      aws_subnet.public.*.id,
+      aws_subnet.private.*.id,
+      aws_subnet.intra.*.id,
+      aws_subnet.database.*.id,
+      aws_subnet.redshift.*.id,
+      aws_subnet.elasticache.*.id,
+    ])),
+    compact(flatten([
+      aws_network_acl.public.*.subnet_ids,
+      aws_network_acl.private.*.subnet_ids,
+      aws_network_acl.intra.*.subnet_ids,
+      aws_network_acl.database.*.subnet_ids,
+      aws_network_acl.redshift.*.subnet_ids,
+      aws_network_acl.elasticache.*.subnet_ids,
+    ]))
+  )
+
  dynamic "ingress" {
    for_each = var.default_network_acl_ingress
    content {