-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
226 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # Local .terraform directories | ||
| **/.terraform/* | ||
|
|
||
| # .tfstate files | ||
| *.tfstate | ||
| *.tfstate.* | ||
|
|
||
| # lock files | ||
| *.terraform.lock.* | ||
|
|
||
| # values files | ||
| terraform.tfvars | ||
| terraform.json | ||
|
|
||
| # Crash log files | ||
| crash.log | ||
|
|
||
| # Ignore any .tfvars files that are generated automatically for each Terraform run. Most | ||
| # .tfvars files are managed as part of configuration and so should be included in | ||
| # version control. | ||
| # | ||
| # example.tfvars | ||
|
|
||
| # Ignore override files as they are usually used to override resources locally and so | ||
| # are not checked in | ||
| override.tf | ||
| override.tf.json | ||
| *_override.tf | ||
| *_override.tf.json | ||
|
|
||
| # Include override files you do wish to add to version control using negated pattern | ||
| # | ||
| # !example_override.tf | ||
|
|
||
| # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
| # example: *tfplan* | ||
|
|
||
| # Don't upload the transform bash script | ||
| setup.sh | ||
|
|
||
| # Mac .DS_Store | ||
| .DS_Store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "nacl": { | ||
| "test-nacl": { | ||
| "vpc_name": "dev-workload-vpc", | ||
| "name": "test-nacl", | ||
| "subnet_names": ["dev-workload-vpc-1a-pvtsub-1"], | ||
| "ingress_rules": [{ | ||
| "rule_number": "200", | ||
| "from_port": "443", | ||
| "to_port": "443", | ||
| "cidr_block": "0.0.0.0/0", | ||
| "rule_action": "allow", | ||
| "protocol": "tcp" | ||
| },{ | ||
| "rule_number": "201", | ||
| "from_port": "80", | ||
| "to_port": "80", | ||
| "cidr_block": "0.0.0.0/0", | ||
| "rule_action": "allow", | ||
| "protocol": "tcp" | ||
| }], | ||
| "egress_rules": [{ | ||
| "rule_number": "202", | ||
| "from_port": "443", | ||
| "to_port": "443", | ||
| "cidr_block": "0.0.0.0/0", | ||
| "rule_action": "allow", | ||
| "protocol": "tcp" | ||
| },{ | ||
| "rule_number": "203", | ||
| "from_port": "80", | ||
| "to_port": "80", | ||
| "cidr_block": "0.0.0.0/0", | ||
| "rule_action": "allow", | ||
| "protocol": "tcp" | ||
| }] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| data "aws_vpcs" "nacl_vpc" { | ||
| filter { | ||
| name = "tag:Name" | ||
| values = [var.vpc_name] | ||
| } | ||
| } | ||
|
|
||
| data "aws_subnet" "nacl_subnet" { | ||
| for_each = toset(var.subnet_names) | ||
| filter { | ||
| name = "tag:Name" | ||
| values = [each.key] | ||
| } | ||
| } | ||
|
|
||
| resource "aws_network_acl" "main" { | ||
| vpc_id = data.aws_vpcs.nacl_vpc.ids.0 | ||
| subnet_ids = [for subnets in data.aws_subnet.nacl_subnet : subnets.id] | ||
| tags = merge(tomap({ Name = var.name }), var.tags) | ||
| } | ||
|
|
||
| resource "aws_network_acl_rule" "ingress" { | ||
| for_each = { for index, ingress_rule in var.ingress_rules : ingress_rule.rule_number => ingress_rule } | ||
| network_acl_id = aws_network_acl.main.id | ||
| rule_number = each.value.rule_number | ||
| egress = false | ||
| protocol = each.value.protocol | ||
| rule_action = each.value.rule_action | ||
| cidr_block = each.value.cidr_block | ||
| from_port = each.value.from_port | ||
| to_port = each.value.to_port | ||
| } | ||
|
|
||
|
|
||
| resource "aws_network_acl_rule" "egress" { | ||
| for_each = { for index, egress_rule in var.egress_rules : egress_rule.rule_number => egress_rule } | ||
| network_acl_id = aws_network_acl.main.id | ||
| rule_number = each.value.rule_number | ||
| egress = true | ||
| protocol = each.value.protocol | ||
| rule_action = each.value.rule_action | ||
| cidr_block = each.value.cidr_block | ||
| from_port = each.value.from_port | ||
| to_port = each.value.to_port | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| output "id" { | ||
| description = "The ID of the network ACL." | ||
| value = aws_network_acl.main.id | ||
| } | ||
|
|
||
| output "arn" { | ||
| description = "The ARN of the network ACL." | ||
| value = aws_network_acl.main.arn | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| variable "name" { | ||
| type = string | ||
| description = "name of the nacl." | ||
| default = null | ||
| } | ||
|
|
||
| variable "vpc_name" { | ||
| type = string | ||
| description = "Name of the VPC to attach to." | ||
| default = null | ||
| } | ||
|
|
||
| variable "subnet_names" { | ||
| type = list(string) | ||
| description = "List of subnets to attach nacl to." | ||
| default = [] | ||
| } | ||
| variable "tags" { | ||
| type = map(string) | ||
| description = "Tags to apply to the nacl." | ||
| default = {} | ||
| } | ||
|
|
||
| variable "ingress_rules" { | ||
| type = list(object({ | ||
| rule_number = string | ||
| from_port = optional(string, null) | ||
| to_port = optional(string, null) | ||
| protocol = optional(string, "-1") | ||
| cidr_block = optional(string, "0.0.0.0/0") | ||
| rule_action = optional(string, "allow") | ||
| })) | ||
| default = [] | ||
| } | ||
|
|
||
| variable "egress_rules" { | ||
| type = list(object({ | ||
| rule_number = string | ||
| from_port = optional(string, null) | ||
| to_port = optional(string, null) | ||
| protocol = optional(string, "-1") | ||
| cidr_block = optional(string, "0.0.0.0/0") | ||
| rule_action = optional(string, "allow") | ||
| })) | ||
| default = [] | ||
| } |