Skip to content

T
terraform-aws-vpc
Commit ec228e00 authored by Bas Zoetekouw's avatar Bas Zoetekouw Committed by Anton Babenko
Browse files
Options

Added support for `ipv6_cidr_block` in network acls (#329) 

Add support for `ipv6_cidr_block` in `*_{in|out}bound_acl_rules`.  As a
conseqeunce, the (ipv4) `cidr_block` is made optional.
parent 4a91495e
Show whitespace changes
Inline Side-by-side
Showing with 120 additions and 108 deletions
main.tf
View file @ ec228e00
...@@ -555,7 +555,8 @@ resource "aws_network_acl_rule" "public_inbound" { ...@@ -555,7 +555,8 @@ resource "aws_network_acl_rule" "public_inbound" {
icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.public_inbound_acl_rules[count.index]["protocol"] protocol = var.public_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.public_inbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
resource "aws_network_acl_rule" "public_outbound" { resource "aws_network_acl_rule" "public_outbound" {
...@@ -571,7 +572,8 @@ resource "aws_network_acl_rule" "public_outbound" { ...@@ -571,7 +572,8 @@ resource "aws_network_acl_rule" "public_outbound" {
icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.public_outbound_acl_rules[count.index]["protocol"] protocol = var.public_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.public_outbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
####################### #######################
...@@ -605,7 +607,8 @@ resource "aws_network_acl_rule" "private_inbound" { ...@@ -605,7 +607,8 @@ resource "aws_network_acl_rule" "private_inbound" {
icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.private_inbound_acl_rules[count.index]["protocol"] protocol = var.private_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.private_inbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
resource "aws_network_acl_rule" "private_outbound" { resource "aws_network_acl_rule" "private_outbound" {
...@@ -621,7 +624,8 @@ resource "aws_network_acl_rule" "private_outbound" { ...@@ -621,7 +624,8 @@ resource "aws_network_acl_rule" "private_outbound" {
icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.private_outbound_acl_rules[count.index]["protocol"] protocol = var.private_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.private_outbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
######################## ########################
...@@ -655,7 +659,8 @@ resource "aws_network_acl_rule" "intra_inbound" { ...@@ -655,7 +659,8 @@ resource "aws_network_acl_rule" "intra_inbound" {
icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.intra_inbound_acl_rules[count.index]["protocol"] protocol = var.intra_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.intra_inbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
resource "aws_network_acl_rule" "intra_outbound" { resource "aws_network_acl_rule" "intra_outbound" {
...@@ -671,7 +676,8 @@ resource "aws_network_acl_rule" "intra_outbound" { ...@@ -671,7 +676,8 @@ resource "aws_network_acl_rule" "intra_outbound" {
icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.intra_outbound_acl_rules[count.index]["protocol"] protocol = var.intra_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.intra_outbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
######################## ########################
...@@ -705,7 +711,8 @@ resource "aws_network_acl_rule" "database_inbound" { ...@@ -705,7 +711,8 @@ resource "aws_network_acl_rule" "database_inbound" {
icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.database_inbound_acl_rules[count.index]["protocol"] protocol = var.database_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.database_inbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
resource "aws_network_acl_rule" "database_outbound" { resource "aws_network_acl_rule" "database_outbound" {
...@@ -721,7 +728,8 @@ resource "aws_network_acl_rule" "database_outbound" { ...@@ -721,7 +728,8 @@ resource "aws_network_acl_rule" "database_outbound" {
icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.database_outbound_acl_rules[count.index]["protocol"] protocol = var.database_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.database_outbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
######################## ########################
...@@ -755,7 +763,8 @@ resource "aws_network_acl_rule" "redshift_inbound" { ...@@ -755,7 +763,8 @@ resource "aws_network_acl_rule" "redshift_inbound" {
icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.redshift_inbound_acl_rules[count.index]["protocol"] protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.redshift_inbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
resource "aws_network_acl_rule" "redshift_outbound" { resource "aws_network_acl_rule" "redshift_outbound" {
...@@ -771,7 +780,8 @@ resource "aws_network_acl_rule" "redshift_outbound" { ...@@ -771,7 +780,8 @@ resource "aws_network_acl_rule" "redshift_outbound" {
icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.redshift_outbound_acl_rules[count.index]["protocol"] protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.redshift_outbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
########################### ###########################
...@@ -805,7 +815,8 @@ resource "aws_network_acl_rule" "elasticache_inbound" { ...@@ -805,7 +815,8 @@ resource "aws_network_acl_rule" "elasticache_inbound" {
icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"] protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.elasticache_inbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
resource "aws_network_acl_rule" "elasticache_outbound" { resource "aws_network_acl_rule" "elasticache_outbound" {
...@@ -821,7 +832,8 @@ resource "aws_network_acl_rule" "elasticache_outbound" { ...@@ -821,7 +832,8 @@ resource "aws_network_acl_rule" "elasticache_outbound" {
icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null) icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null) icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"] protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.elasticache_outbound_acl_rules[count.index]["cidr_block"] cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
} }
############## ##############
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment