NEW: nacl module
This commit is contained in:
parent
395e4d729c
commit
e6a826fc4c
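--- a/modules/networking/nacl/README.md
+++ b/modules/networking/nacl/README.md
@@ -0,0 +1,23 @@
+# nacl module
+This module takes in list(list(string)) and construct NACL using dynamic block.
+
+Example code in root module
+```hcl
+module "nacl" {
+source = "../../modules/networking/nacl"
+
+egress_rules = [
+["210", "-1", "0", "0", "10.29.0.0/16", "allow"],
+["220", "tcp", "443", "443", "10.35.32.0/22", "allow"],
+["230", "udp", "53", "53", "10.35.67.0/24", "allow"]
+]
+ingress_rules = [
+["310", "-1", "0", "0", "10.29.0.0/16", "allow"],
+["320", "tcp", "80", "81", "10.35.32.0/22", "allow"],
+["330", "udp", "53", "53", "10.35.67.0/24", "allow"]
+]
+subnet_ids = ["subnet-0927ba1b06ccfe6c5", "subnet-0551e96ffd016192a"]
+vpc_id = "vpc-01a10b033169f89a8"
+acl_name = "test-nacl"
+}
+```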
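--- a/modules/networking/nacl/main.tf
+++ b/modules/networking/nacl/main.tf
@@ -0,0 +1,32 @@
+
+resource "aws_network_acl" "this" {
+vpc_id = var.vpc_id
+subnet_ids = var.subnet_ids
+tags = {
+Name = var.acl_name
+}
+dynamic "ingress" {
+for_each = var.ingress_rules
+content {
+rule_no = ingress.value[0]
+protocol = ingress.value[1]
+from_port = ingress.value[2]
+to_port = ingress.value[3]
+cidr_block = ingress.value[4]
+action = ingress.value[5]
+}
+}
+
+dynamic "egress" {
+for_each = var.egress_rules
+content {
+rule_no = egress.value[0]
+protocol = egress.value[1]
+from_port = egress.value[2]
+to_port = egress.value[3]
+cidr_block = egress.value[4]
+action = egress.value[5]
+}
+}
+
+}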
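Review bot: The `content` blocks read each rule positionally (`ingress.value[0]` through `[5]`, mirrored in the egress block) with no guard, so a rule with fewer than six elements fails at plan time with an invalid-index error and an `action` outside `allow`/`deny` is only rejected at apply; a header comment `# rule layout: [rule_no, protocol, from_port, to_port, cidr_block, action]` above the resource would at least document the contract, and the length and value checks belong in `validation` blocks on the variables. Network ACLs are stateless, so an ingress rule that permits a flow needs a matching egress rule for the return traffic (and vice versa), which the module does not mention anywhere. Inline `ingress`/`egress` blocks also conflict with standalone `aws_network_acl_rule` resources attached to the same ACL, so callers should be told to use one mechanism only.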
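--- a/modules/networking/nacl/provider.tf
+++ b/modules/networking/nacl/provider.tf
@@ -0,0 +1,9 @@
+terraform {
+required_version = "~> 1.3.0"
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = ">= 4.0"
+}
+}
+}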
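Review bot: `required_version = "~> 1.3.0"` pins Terraform to 1.3.x patch releases only, while `version = ">= 4.0"` on the aws provider has no upper bound, so a fresh `terraform init` can resolve a future major provider release with breaking changes. The two constraints should follow one policy, e.g. `required_version = "~> 1.3"` and `version = "~> 4.0"` (bumping the major once the module is tested against it), with the resolved provider version committed in the root module's `.terraform.lock.hcl`.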
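--- a/modules/networking/nacl/variables.tf
+++ b/modules/networking/nacl/variables.tf
@@ -0,0 +1,19 @@
+variable vpc_id {
+type = string
+}
+
+variable subnet_ids {
+type = list(string)
+}
+
+variable ingress_rules {
+type = list(list(string))
+}
+
+variable egress_rules {
+type = list(list(string))
+}
+
+variable acl_name {
+type = string
+}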
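Review bot: None of the variables carry a `description` or a `validation` block, so the six-element positional rule format that `main.tf` indexes into is undocumented and unchecked, and a malformed rule surfaces only as an index error at plan time; `ingress_rules` and `egress_rules` should document the element order and validate both the element count and the `action` value. The block labels are also unquoted (`variable vpc_id {`), which `terraform fmt` normalizes to `variable "vpc_id" {`. The same validation applies to `egress_rules`.
```hcl
variable "ingress_rules" {
  description = "Inbound rules as [rule_no, protocol, from_port, to_port, cidr_block, action]."
  type        = list(list(string))

  validation {
    condition = alltrue([
      for r in var.ingress_rules : length(r) == 6 && contains(["allow", "deny"], try(r[5], ""))
    ])
    error_message = "Each ingress rule needs six elements and an action of allow or deny."
  }
}
# … unchanged: vpc_id, subnet_ids, acl_name; egress_rules gets the same validation …
```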