Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure network ACLs for public/private/intra subnets #174

Closed
wants to merge 13 commits into from
Closed

Configure network ACLs for public/private/intra subnets #174

wants to merge 13 commits into from

Commits on Feb 25, 2019

  1. Add variables for network ACLs 

    Add variables for specifying network ACLs for public, private, and
intra subnets. The ACLs are defined in a list, with sets of seven
elements for the rule number, rule action, from port, to port,
protocol, and cidr block.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    37ef55f View commit details
    Browse the repository at this point in the history

  2. Add variables for network ACL tags 

    Add variables to specify additional tags for public, private, and intra
network ACL resources.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    f973b98 View commit details
    Browse the repository at this point in the history

  3. Add resources for network ACLs 

    Add aws_network_acl and aws_network_acl_rule resources to specify
inbound and outbound network ACL rules for public, private, and intra
subnets.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    03e2363 View commit details
    Browse the repository at this point in the history

  4. Add resource for default network ACL 

    Add a aws_default_network_acl resource to adopt the default network ACL
in the VPC.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    feab0dc View commit details
    Browse the repository at this point in the history

  5. Adjust spacing to match code style 

    Remove the empty lines after comment blocks for network ACLs to match
the style of the rest of this module.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    757e573 View commit details
    Browse the repository at this point in the history

  6. Copy simple-vpc example as network-acls 

    Copy the simple-vpc example and adapt it to demonstrate the
configuration of network ACLs. A set of inbound and outbound ACLs are
specified in main.tf.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    5bc3c85 View commit details
    Browse the repository at this point in the history

  7. Rename variables from _acls to _acl_rules 

    Clarify the variables for specifying ACL rules by renaming them from
*_acls to *_acl_rules. The values are used to create rules, not create
ACLs.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    0a75f64 View commit details
    Browse the repository at this point in the history

  8. Add nacl resources and variables for other subnets 

    Add aws_network_acl and aws_network_acl_rule resources for database,
redshift, and elasticache subnets, along with corresponding variables.
This provides network ACL coverage to all subnet types produced by this
module.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    d469a8c View commit details
    Browse the repository at this point in the history

  9. Create ACLs only if there are subnets 

    For each subnet type, only create ACL resources if there are subnets
defined. For example, if database_subnets is empty, then don't create
ACL resources for database subnets.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    e70cff3 View commit details
    Browse the repository at this point in the history

  10. Add missing variables for ACL tags 

    Add the missing variable declarations for database_acl_tags,
redshift_acl_tags, and elasticache_acl_tags.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    60e1a3a View commit details
    Browse the repository at this point in the history

  11. Make ACL singular in description for _acl_tags 

    A single ACL is created for each of the subnet types. Update the
variable descriptions to reflect this.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    3f8362f View commit details
    Browse the repository at this point in the history

  12. Convert rules to nested list of maps 

    Convert the NACL rule specifications from a list of lists to a list of
maps, as suggested by @jczerniak. This improves the readability of
rules.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    51157a6 View commit details
    Browse the repository at this point in the history

  13. Restructure example config to use locals 

    Restructure the network ACL rules in the network-acls example to use
local variables to specify the rules, split between default and custom
rules.
    @kinghuang
    kinghuang committed Feb 25, 2019
    Configuration menu
    Copy the full SHA
    6b83388 View commit details
    Browse the repository at this point in the history