Configure network ACLs for public/private/intra subnets #174

Closed
wants to merge 13 commits into from

Commits on Feb 25, 2019

  1. Add variables for network ACLs

    Add variables for specifying network ACLs for public, private, and
    intra subnets. The ACLs are defined in a list, with sets of seven
    elements for the rule number, rule action, from port, to port,
    protocol, and CIDR block.
    kinghuang committed Feb 25, 2019
    37ef55f
  2. Add variables for network ACL tags

    Add variables to specify additional tags for public, private, and intra
    network ACL resources.
    kinghuang committed Feb 25, 2019
    f973b98
  3. Add resources for network ACLs

    Add aws_network_acl and aws_network_acl_rule resources to specify
    inbound and outbound network ACL rules for public, private, and intra
    subnets.
    kinghuang committed Feb 25, 2019
    03e2363
  4. Add resource for default network ACL

    Add an aws_default_network_acl resource to adopt the default network ACL
    in the VPC.
    kinghuang committed Feb 25, 2019
    feab0dc
  5. Adjust spacing to match code style

    Remove the empty lines after comment blocks for network ACLs to match
    the style of the rest of this module.
    kinghuang committed Feb 25, 2019
    757e573
  6. Copy simple-vpc example as network-acls

    Copy the simple-vpc example and adapt it to demonstrate the
    configuration of network ACLs. A set of inbound and outbound ACLs are
    specified in main.tf.
    kinghuang committed Feb 25, 2019
    5bc3c85
  7. Rename variables from _acls to _acl_rules

    Clarify the variables for specifying ACL rules by renaming them from
    *_acls to *_acl_rules. The values are used to create rules, not create
    ACLs.
    kinghuang committed Feb 25, 2019
    0a75f64
  8. Add nacl resources and variables for other subnets

    Add aws_network_acl and aws_network_acl_rule resources for database,
    redshift, and elasticache subnets, along with corresponding variables.
    This provides network ACL coverage to all subnet types produced by this
    module.
    kinghuang committed Feb 25, 2019
    d469a8c
  9. Create ACLs only if there are subnets

    For each subnet type, only create ACL resources if there are subnets
    defined. For example, if database_subnets is empty, then don't create
    ACL resources for database subnets.
    kinghuang committed Feb 25, 2019
    e70cff3
  10. Add missing variables for ACL tags

    Add the missing variable declarations for database_acl_tags,
    redshift_acl_tags, and elasticache_acl_tags.
    kinghuang committed Feb 25, 2019
    60e1a3a
  11. Make ACL singular in description for _acl_tags

    A single ACL is created for each of the subnet types. Update the
    variable descriptions to reflect this.
    kinghuang committed Feb 25, 2019
    3f8362f
  12. Convert rules to nested list of maps

    Convert the NACL rule specifications from a list of lists to a list of
    maps, as suggested by @jczerniak. This improves the readability of
    rules.
    kinghuang committed Feb 25, 2019
    51157a6
  13. Restructure example config to use locals

    Restructure the network ACL rules in the network-acls example to use
    local variables to specify the rules, split between default and custom
    rules.
    kinghuang committed Feb 25, 2019
    6b83388