Skip to content

support ipv6_cidr_block in network acls #329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 30, 2019
Merged

support ipv6_cidr_block in network acls #329

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
228 changes: 120 additions & 108 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -547,31 +547,33 @@ resource "aws_network_acl_rule" "public_inbound" {

network_acl_id = aws_network_acl.public[0].id

egress = false
rule_number = var.public_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.public_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.public_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.public_inbound_acl_rules[count.index]["cidr_block"]
egress = false
rule_number = var.public_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.public_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.public_inbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "public_outbound" {
count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0

network_acl_id = aws_network_acl.public[0].id

egress = true
rule_number = var.public_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.public_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.public_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.public_outbound_acl_rules[count.index]["cidr_block"]
egress = true
rule_number = var.public_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.public_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.public_outbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

#######################
Expand All @@ -597,31 +599,33 @@ resource "aws_network_acl_rule" "private_inbound" {

network_acl_id = aws_network_acl.private[0].id

egress = false
rule_number = var.private_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.private_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.private_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.private_inbound_acl_rules[count.index]["cidr_block"]
egress = false
rule_number = var.private_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.private_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.private_inbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "private_outbound" {
count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_outbound_acl_rules) : 0

network_acl_id = aws_network_acl.private[0].id

egress = true
rule_number = var.private_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.private_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.private_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.private_outbound_acl_rules[count.index]["cidr_block"]
egress = true
rule_number = var.private_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.private_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.private_outbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

########################
Expand All @@ -647,31 +651,33 @@ resource "aws_network_acl_rule" "intra_inbound" {

network_acl_id = aws_network_acl.intra[0].id

egress = false
rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.intra_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.intra_inbound_acl_rules[count.index]["cidr_block"]
egress = false
rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.intra_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.intra_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.intra_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.intra_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.intra_inbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.intra_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "intra_outbound" {
count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_outbound_acl_rules) : 0

network_acl_id = aws_network_acl.intra[0].id

egress = true
rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.intra_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.intra_outbound_acl_rules[count.index]["cidr_block"]
egress = true
rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.intra_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.intra_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.intra_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.intra_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.intra_outbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.intra_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

########################
Expand All @@ -697,31 +703,33 @@ resource "aws_network_acl_rule" "database_inbound" {

network_acl_id = aws_network_acl.database[0].id

egress = false
rule_number = var.database_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.database_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.database_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.database_inbound_acl_rules[count.index]["cidr_block"]
egress = false
rule_number = var.database_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.database_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.database_inbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "database_outbound" {
count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_outbound_acl_rules) : 0

network_acl_id = aws_network_acl.database[0].id

egress = true
rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.database_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.database_outbound_acl_rules[count.index]["cidr_block"]
egress = true
rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.database_outbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

########################
Expand All @@ -747,31 +755,33 @@ resource "aws_network_acl_rule" "redshift_inbound" {

network_acl_id = aws_network_acl.redshift[0].id

egress = false
rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.redshift_inbound_acl_rules[count.index]["cidr_block"]
egress = false
rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "redshift_outbound" {
count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_outbound_acl_rules) : 0

network_acl_id = aws_network_acl.redshift[0].id

egress = true
rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.redshift_outbound_acl_rules[count.index]["cidr_block"]
egress = true
rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

###########################
Expand All @@ -797,31 +807,33 @@ resource "aws_network_acl_rule" "elasticache_inbound" {

network_acl_id = aws_network_acl.elasticache[0].id

egress = false
rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.elasticache_inbound_acl_rules[count.index]["cidr_block"]
egress = false
rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "elasticache_outbound" {
count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_outbound_acl_rules) : 0

network_acl_id = aws_network_acl.elasticache[0].id

egress = true
rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.elasticache_outbound_acl_rules[count.index]["cidr_block"]
egress = true
rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null)
to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null)
icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"]
cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null)
ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

##############
Expand Down