Added support for `ipv6_cidr_block` in network acls (#329)

Add support for `ipv6_cidr_block` in `*_{in|out}bound_acl_rules`. As a conseqeunce, the (ipv4) `cidr_block` is made optional.

Added support for `ipv6_cidr_block` in network acls (#329)
Add support for `ipv6_cidr_block` in `*_{in|out}bound_acl_rules`. As a conseqeunce, the (ipv4) `cidr_block` is made optional.
ec228e00 · Bas Zoetekouw · Anton Babenko · 4a91495e · ec228e00
Commit ec228e00 authored Sep 30, 2019 by Bas Zoetekouw Committed by Anton Babenko Sep 30, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 120 additions and 108 deletions

main.tf main.tf +120 -108

No files found.
--- a/main.tf
+++ b/main.tf
@@ -547,15 +547,16 @@ resource "aws_network_acl_rule" "public_inbound" {

  network_acl_id = aws_network_acl.public[0].id

-  egress      = false
-  rule_number = var.public_inbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.public_inbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.public_inbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.public_inbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.public_inbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.public_inbound_acl_rules[count.index]["cidr_block"]
+  egress          = false
+  rule_number     = var.public_inbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.public_inbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.public_inbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.public_inbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.public_inbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 resource "aws_network_acl_rule" "public_outbound" {
@@ -563,15 +564,16 @@ resource "aws_network_acl_rule" "public_outbound" {

  network_acl_id = aws_network_acl.public[0].id

-  egress      = true
-  rule_number = var.public_outbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.public_outbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.public_outbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.public_outbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.public_outbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.public_outbound_acl_rules[count.index]["cidr_block"]
+  egress          = true
+  rule_number     = var.public_outbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.public_outbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.public_outbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.public_outbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.public_outbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 #######################
@@ -597,15 +599,16 @@ resource "aws_network_acl_rule" "private_inbound" {

  network_acl_id = aws_network_acl.private[0].id

-  egress      = false
-  rule_number = var.private_inbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.private_inbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.private_inbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.private_inbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.private_inbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.private_inbound_acl_rules[count.index]["cidr_block"]
+  egress          = false
+  rule_number     = var.private_inbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.private_inbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.private_inbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.private_inbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.private_inbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 resource "aws_network_acl_rule" "private_outbound" {
@@ -613,15 +616,16 @@ resource "aws_network_acl_rule" "private_outbound" {

  network_acl_id = aws_network_acl.private[0].id

-  egress      = true
-  rule_number = var.private_outbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.private_outbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.private_outbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.private_outbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.private_outbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.private_outbound_acl_rules[count.index]["cidr_block"]
+  egress          = true
+  rule_number     = var.private_outbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.private_outbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.private_outbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.private_outbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.private_outbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 ########################
@@ -647,15 +651,16 @@ resource "aws_network_acl_rule" "intra_inbound" {

  network_acl_id = aws_network_acl.intra[0].id

-  egress      = false
-  rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.intra_inbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.intra_inbound_acl_rules[count.index]["cidr_block"]
+  egress          = false
+  rule_number     = var.intra_inbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.intra_inbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.intra_inbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.intra_inbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 resource "aws_network_acl_rule" "intra_outbound" {
@@ -663,15 +668,16 @@ resource "aws_network_acl_rule" "intra_outbound" {

  network_acl_id = aws_network_acl.intra[0].id

-  egress      = true
-  rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.intra_outbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.intra_outbound_acl_rules[count.index]["cidr_block"]
+  egress          = true
+  rule_number     = var.intra_outbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.intra_outbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.intra_outbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.intra_outbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 ########################
@@ -697,15 +703,16 @@ resource "aws_network_acl_rule" "database_inbound" {

  network_acl_id = aws_network_acl.database[0].id

-  egress      = false
-  rule_number = var.database_inbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.database_inbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.database_inbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.database_inbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.database_inbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.database_inbound_acl_rules[count.index]["cidr_block"]
+  egress          = false
+  rule_number     = var.database_inbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.database_inbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.database_inbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.database_inbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.database_inbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 resource "aws_network_acl_rule" "database_outbound" {
@@ -713,15 +720,16 @@ resource "aws_network_acl_rule" "database_outbound" {

  network_acl_id = aws_network_acl.database[0].id

-  egress      = true
-  rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.database_outbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.database_outbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.database_outbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.database_outbound_acl_rules[count.index]["cidr_block"]
+  egress          = true
+  rule_number     = var.database_outbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.database_outbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.database_outbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.database_outbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.database_outbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 ########################
@@ -747,15 +755,16 @@ resource "aws_network_acl_rule" "redshift_inbound" {

  network_acl_id = aws_network_acl.redshift[0].id

-  egress      = false
-  rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.redshift_inbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.redshift_inbound_acl_rules[count.index]["cidr_block"]
+  egress          = false
+  rule_number     = var.redshift_inbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.redshift_inbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.redshift_inbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 resource "aws_network_acl_rule" "redshift_outbound" {
@@ -763,15 +772,16 @@ resource "aws_network_acl_rule" "redshift_outbound" {

  network_acl_id = aws_network_acl.redshift[0].id

-  egress      = true
-  rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.redshift_outbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.redshift_outbound_acl_rules[count.index]["cidr_block"]
+  egress          = true
+  rule_number     = var.redshift_outbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.redshift_outbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.redshift_outbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 ###########################
@@ -797,15 +807,16 @@ resource "aws_network_acl_rule" "elasticache_inbound" {

  network_acl_id = aws_network_acl.elasticache[0].id

-  egress      = false
-  rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.elasticache_inbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.elasticache_inbound_acl_rules[count.index]["cidr_block"]
+  egress          = false
+  rule_number     = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.elasticache_inbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 resource "aws_network_acl_rule" "elasticache_outbound" {
@@ -813,15 +824,16 @@ resource "aws_network_acl_rule" "elasticache_outbound" {

  network_acl_id = aws_network_acl.elasticache[0].id

-  egress      = true
-  rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
-  rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
-  from_port   = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null)
-  to_port     = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null)
-  icmp_code   = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
-  icmp_type   = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
-  protocol    = var.elasticache_outbound_acl_rules[count.index]["protocol"]
-  cidr_block  = var.elasticache_outbound_acl_rules[count.index]["cidr_block"]
+  egress          = true
+  rule_number     = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
+  rule_action     = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
+  from_port       = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null)
+  to_port         = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null)
+  icmp_code       = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
+  icmp_type       = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
+  protocol        = var.elasticache_outbound_acl_rules[count.index]["protocol"]
+  cidr_block      = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null)
+  ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }

 ##############