NEW: nacl module

modules/networking/nacl/README.md

@@ -0,0 +1,23 @@
+# nacl module
+This module takes in list(list(string)) and construct NACL using dynamic block.
+
+Example code in root module
+```hcl
+module "nacl" {
+  source = "../../modules/networking/nacl"
+
+  egress_rules = [
+    ["210", "-1", "0", "0", "10.29.0.0/16", "allow"],
+    ["220", "tcp", "443", "443", "10.35.32.0/22", "allow"],
+    ["230", "udp", "53", "53", "10.35.67.0/24", "allow"]
+  ]
+  ingress_rules = [
+    ["310", "-1", "0", "0", "10.29.0.0/16", "allow"],
+    ["320", "tcp", "80", "81", "10.35.32.0/22", "allow"],
+    ["330", "udp", "53", "53", "10.35.67.0/24", "allow"]
+  ]
+  subnet_ids = ["subnet-0927ba1b06ccfe6c5", "subnet-0551e96ffd016192a"]
+  vpc_id     = "vpc-01a10b033169f89a8"
+  acl_name   = "test-nacl"
+}
+```

modules/networking/nacl/main.tf

@@ -0,0 +1,32 @@
+
+resource "aws_network_acl" "this" {
+  vpc_id     = var.vpc_id
+  subnet_ids = var.subnet_ids
+  tags = {
+    Name = var.acl_name
+  }
+  dynamic "ingress" {
+    for_each = var.ingress_rules
+    content {
+      rule_no    = ingress.value[0]
+      protocol   = ingress.value[1]
+      from_port  = ingress.value[2]
+      to_port    = ingress.value[3]
+      cidr_block = ingress.value[4]
+      action     = ingress.value[5]
+    }
+  }
+
+  dynamic "egress" {
+    for_each = var.egress_rules
+    content {
+      rule_no    = egress.value[0]
+      protocol   = egress.value[1]
+      from_port  = egress.value[2]
+      to_port    = egress.value[3]
+      cidr_block = egress.value[4]
+      action     = egress.value[5]
+    }
+  }
+
+}

modules/networking/nacl/provider.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = "~> 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

modules/networking/nacl/variables.tf

@@ -0,0 +1,19 @@
+variable vpc_id {
+  type = string
+}
+
+variable subnet_ids {
+  type = list(string)
+}
+
+variable ingress_rules {
+  type = list(list(string))
+}
+
+variable egress_rules {
+  type = list(list(string))
+}
+
+variable acl_name {
+  type = string
+}