Configure network ACLs for public/private/intra subnets #174
Commits on Feb 25, 2019
Add variables for network ACLs
Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block.
Commit 37ef55f

Add variables for network ACL tags
Add variables to specify additional tags for public, private, and intra network ACL resources.
Commit f973b98

Add resources for network ACLs
Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets.
Commit 03e2363

Add resource for default network ACL
Add an aws_default_network_acl resource to adopt the default network ACL in the VPC.
Commit feab0dc

Adjust spacing to match code style
Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module.
Commit 757e573

Copy simple-vpc example as network-acls
Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf.
Commit 5bc3c85

Rename variables from _acls to _acl_rules
Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs.
Commit 0a75f64

Add nacl resources and variables for other subnets
Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module.
Commit d469a8c

Create ACLs only if there are subnets
For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets.
Commit e70cff3

Add missing variables for ACL tags
Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags.
Commit 60e1a3a

Make ACL singular in description for _acl_tags
A single ACL is created for each of the subnet types. Update the variable descriptions to reflect this.
Commit 3f8362f

Convert rules to nested list of maps
Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules.
Commit 51157a6

Restructure example config to use locals
Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules.
Commit 6b83388