From e6a826fc4c9f6849c7d8acc1f89398f37f398b81 Mon Sep 17 00:00:00 2001
From: xpk
Date: Wed, 25 Oct 2023 19:36:23 +0800
Subject: [PATCH] NEW: nacl module
---
 modules/networking/nacl/README.md | 23 ++++++++++++++++++++
 modules/networking/nacl/main.tf | 32 ++++++++++++++++++++++++++++
 modules/networking/nacl/provider.tf | 9 ++++++++
 modules/networking/nacl/variables.tf | 19 +++++++++++++++++
 4 files changed, 83 insertions(+)
 create mode 100644 modules/networking/nacl/README.md
 create mode 100644 modules/networking/nacl/main.tf
 create mode 100644 modules/networking/nacl/provider.tf
 create mode 100644 modules/networking/nacl/variables.tf
diff --git a/modules/networking/nacl/README.md b/modules/networking/nacl/README.md
new file mode 100644
index 0000000..a431d9f
--- /dev/null
+++ b/modules/networking/nacl/README.md
@@ -0,0 +1,23 @@
+# nacl module
+This module takes in list(list(string)) and construct NACL using dynamic block.
+
+Example code in root module
+```hcl
+module "nacl" {
+ source = "../../modules/networking/nacl"
+
+ egress_rules = [
+ ["210", "-1", "0", "0", "10.29.0.0/16", "allow"],
+ ["220", "tcp", "443", "443", "10.35.32.0/22", "allow"],
+ ["230", "udp", "53", "53", "10.35.67.0/24", "allow"]
+ ]
+ ingress_rules = [
+ ["310", "-1", "0", "0", "10.29.0.0/16", "allow"],
+ ["320", "tcp", "80", "81", "10.35.32.0/22", "allow"],
+ ["330", "udp", "53", "53", "10.35.67.0/24", "allow"]
+ ]
+ subnet_ids = ["subnet-0927ba1b06ccfe6c5", "subnet-0551e96ffd016192a"]
+ vpc_id = "vpc-01a10b033169f89a8"
+ acl_name = "test-nacl"
+}
+```
\ No newline at end of file
diff --git a/modules/networking/nacl/main.tf b/modules/networking/nacl/main.tf
new file mode 100644
index 0000000..58acfdf
--- /dev/null
+++ b/modules/networking/nacl/main.tf
@@ -0,0 +1,32 @@
+
+resource "aws_network_acl" "this" {
+ vpc_id = var.vpc_id
+ subnet_ids = var.subnet_ids
+ tags = {
+ Name = var.acl_name
+ }
+ dynamic "ingress" {
+ for_each = var.ingress_rules
+ content {
+ rule_no = ingress.value[0]
+ protocol = ingress.value[1]
+ from_port = ingress.value[2]
+ to_port = ingress.value[3]
+ cidr_block = ingress.value[4]
+ action = ingress.value[5]
+ }
+ }
+
+ dynamic "egress" {
+ for_each = var.egress_rules
+ content {
+ rule_no = egress.value[0]
+ protocol = egress.value[1]
+ from_port = egress.value[2]
+ to_port = egress.value[3]
+ cidr_block = egress.value[4]
+ action = egress.value[5]
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/modules/networking/nacl/provider.tf b/modules/networking/nacl/provider.tf
new file mode 100644
index 0000000..356af51
--- /dev/null
+++ b/modules/networking/nacl/provider.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.3.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+}
diff --git a/modules/networking/nacl/variables.tf b/modules/networking/nacl/variables.tf
new file mode 100644
index 0000000..13952c4
--- /dev/null
+++ b/modules/networking/nacl/variables.tf
@@ -0,0 +1,19 @@
+variable vpc_id {
+ type = string
+}
+
+variable subnet_ids {
+ type = list(string)
+}
+
+variable ingress_rules {
+ type = list(list(string))
+}
+
+variable egress_rules {
+ type = list(list(string))
+}
+
+variable acl_name {
+ type = string
+}
\ No newline at end of file
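Review bot: The `ingress.value[0]`..`[5]` and `egress.value[0]`..`[5]` lookups in the two dynamic blocks index each rule row positionally, so a row with fewer than six elements aborts the plan with a bare index error, and a row whose columns are transposed (cidr_block and action, or from_port and to_port, swapped) is accepted silently and yields a different ACL entry than the author intended. Neither main.tf nor the variables.tf hunk documents or enforces the column order; the README example is the only place it is shown. A comment above each dynamic block, `# row layout: [rule_no, protocol, from_port, to_port, cidr_block, action]`, makes the contract visible at the point of use, and a `validation` block on `ingress_rules` and `egress_rules` in variables.tf turns a malformed row into a plan-time error with a readable message instead of a runtime surprise on apply. The rewrite below uses only built-in functions (`alltrue`, `length`, `contains`, `can`, `cidrhost`); the same block applies verbatim to `egress_rules`.
```hcl
variable "ingress_rules" {
  type = list(list(string))

  # Each row is positional: [rule_no, protocol, from_port, to_port, cidr_block, action].
  validation {
    condition = alltrue([
      for r in var.ingress_rules :
      length(r) == 6 && contains(["allow", "deny"], r[5]) && can(cidrhost(r[4], 0))
    ])
    error_message = "Each ingress rule must be [rule_no, protocol, from_port, to_port, cidr_block, action]; action must be allow or deny and cidr_block must be a valid CIDR."
  }
}
```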
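Review bot: None of the five `variable` blocks in variables.tf carries a `description`, so module consumers and doc generators get no hint that `ingress_rules` and `egress_rules` are positional string rows or that `subnet_ids` is passed straight through to the ACL's `subnet_ids`; add one per variable, e.g. `description = "Ingress rules as [rule_no, protocol, from_port, to_port, cidr_block, action] rows"` and `description = "Subnets to associate with this network ACL"`. The block labels are also unquoted (`variable vpc_id {`); Terraform accepts that form, but the quoted form `variable "vpc_id" {` is the one the documentation and most linters expect, so it is worth normalising while the file is new.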