diff --git a/tag-shared-vpc-resources/README.md b/tag-shared-vpc-resources/README.md
index e61069f..89fedf7 100644
--- a/tag-shared-vpc-resources/README.md
+++ b/tag-shared-vpc-resources/README.md
@@ -366,7 +366,8 @@ COMMAND tf-directory-setup.py -l s3
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [aws](#requirement\_aws) | >= 3.66.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
+| [awscc](#requirement\_awscc) | >= 1.0 |
| [ldap](#requirement\_ldap) | >= 0.5.4 |
| [local](#requirement\_local) | >= 1.0.0 |
| [null](#requirement\_null) | >= 3.0 |
@@ -377,10 +378,10 @@ COMMAND tf-directory-setup.py -l s3
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 3.66.0 |
-| [aws.network\_account](#provider\_aws.network\_account) | >= 3.66.0 |
-| [local](#provider\_local) | >= 1.0.0 |
-| [null](#provider\_null) | >= 3.0 |
+| [aws](#provider\_aws) | >= 5.0 |
+| [aws.network\_account](#provider\_aws.network\_account) | >= 5.0 |
+| [awscc](#provider\_awscc) | >= 1.0 |
+| [awscc.network\_account](#provider\_awscc.network\_account) | >= 1.0 |
## Modules
@@ -396,9 +397,6 @@ No modules.
| [aws_ec2_tag.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
| [aws_ec2_tag.transit_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
| [aws_ec2_tag.vpcs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
-| [null_resource.network_acl](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [null_resource.network_acls](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [null_resource.setup_directory](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
@@ -407,7 +405,6 @@ No modules.
| [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_ec2_transit_gateway.transit_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
-| [aws_network_acls.network_acls](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/network_acls) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [aws_route_table.route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source |
| [aws_route_tables.route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source |
@@ -416,7 +413,8 @@ No modules.
| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
| [aws_vpc_dhcp_options.dhcp_options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_dhcp_options) | data source |
| [aws_vpcs.vpcs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpcs) | data source |
-| [local_file.network_acl](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source |
+| [awscc_ec2_network_acl.nacls](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/data-sources/ec2_network_acl) | data source |
+| [awscc_ec2_network_acls.nacls](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/data-sources/ec2_network_acls) | data source |
## Inputs
diff --git a/tag-shared-vpc-resources/tag-network-acls.tf b/tag-shared-vpc-resources/tag-network-acls.tf
index a7edc48..59b90c0 100644
--- a/tag-shared-vpc-resources/tag-network-acls.tf
+++ b/tag-shared-vpc-resources/tag-network-acls.tf
@@ -1,72 +1,24 @@
-data "aws_network_acls" "network_acls" {
- for_each = local._nacl_enabled ? toset(data.aws_vpcs.vpcs.ids) : toset([])
- filter {
- name = "owner-id"
- values = [data.aws_arn.network_account.account]
- }
- filter {
- name = "vpc-id"
- values = [each.key]
- }
+data "awscc_ec2_network_acls" "nacls" {
+ count = local._nacl_enabled ? 1 : 0
}
-## data "aws_network_acl" "network_acl" {
-## provider = aws.network_account
-## for_each = toset(flatten(concat([for k, v in data.aws_network_acls.network_acls : v.ids])))
-## id = each.key
-## }
-
-# there is no aws_network_acl data resource. Fake this out with null_resource
-# aws --profile "057445207498-ent-gov-network-sa" --region $(get-region) ec2 describe-network-acls --network-acl-id "acl-0c19a5f3ea6a86d51" > X.json
-# there is still no aws_network_acl, but there is an issue for it
-# https://github.com/hashicorp/terraform-provider-aws/issues/19754
-
-resource "null_resource" "setup_directory" {
- triggers = {
- directory = "setup"
- }
-
- provisioner "local-exec" {
- command = "test -d ${path.root}/${self.triggers.directory} || mkdir -p ${path.root}/${self.triggers.directory}"
- }
-}
-
-resource "null_resource" "network_acl" {
- for_each = toset(flatten(concat([for k, v in data.aws_network_acls.network_acls : v.ids])))
- triggers = {
- directory = null_resource.setup_directory.triggers.directory
- network_acl_id = each.key
- filename = "network_acl.${each.key}.json"
- full_filename = format("%v/%v/%v", path.root, "setup", "network_acl.${each.key}.json")
- }
-
- provisioner "local-exec" {
- working_dir = path.root
- command = "${path.module}/bin/assume_role_wrapper.sh aws ec2 describe-network-acls --network-acl-id ${each.key} --output json > ${self.triggers.directory}/${self.triggers.filename}"
- environment = {
- AWS_PROFILE = var.profile
- AWS_REGION = local.region
- ROLE_ARN = var.role_arn
- }
- }
+data "awscc_ec2_network_acl" "nacls" {
+ provider = awscc.network_account
+ for_each = local._nacl_enabled ? data.awscc_ec2_network_acls.nacls[0].ids : toset([])
+ id = each.key
}
-data "local_file" "network_acl" {
- # for_each = toset(flatten(concat([for k, v in data.aws_network_acls.network_acls : v.ids])))
- for_each = null_resource.network_acl
- # filename = format("%v/%v/%v", path.root, each.value.triggers.directory, each.value.triggers.filename)
- filename = each.value.triggers.full_filename
-}
-
-resource "null_resource" "network_acls" {
- triggers = {
- network_acls = join(",", [for k, v in data.local_file.network_acl : v.filename])
- filename = format("%v/%v/%v", path.root, "setup", "network_acls_extracted.dat")
- }
- provisioner "local-exec" {
- command = "touch ${self.triggers.filename}"
- }
-}
+# data "aws_network_acls" "network_acls" {
+# for_each = local._nacl_enabled ? toset(data.aws_vpcs.vpcs.ids) : toset([])
+# filter {
+# name = "owner-id"
+# values = [data.aws_arn.network_account.account]
+# }
+# filter {
+# name = "vpc-id"
+# values = [each.key]
+# }
+# }
## output "network_acls" {
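Review bot: The two new data sources read from different accounts, and the old owner/VPC scoping is gone: `awscc_ec2_network_acls.nacls` has no `provider` argument and so lists every network ACL visible to the default `awscc` provider in the region, while `awscc_ec2_network_acl.nacls` resolves each of those IDs through `awscc.network_account`. If the default provider is not the network account, those lookups will fail (the IDs do not exist there); if it is, the module now fans out over every ACL in that account instead of only the ones in the shared VPCs that `data.aws_vpcs.vpcs.ids` and the removed `owner-id`/`vpc-id` filters used to select. Give the plural data source the same `provider = awscc.network_account` so both halves see the same account, and restore the VPC scoping at the point of use, e.g. `{ for k, v in data.awscc_ec2_network_acl.nacls : k => v if contains(data.aws_vpcs.vpcs.ids, v.vpc_id) }` (assuming the awscc data source exposes `vpc_id`, as the CloudFormation schema suggests — confirm). The retired `aws_network_acls` block kept as a `#` comment duplicates what git history already records and should be dropped rather than left in the file.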
@@ -85,10 +37,10 @@ locals {
# network_acls_tags = fileexists(null_resource.network_acls.triggers.filename) ? { for k, v in local.network_acls : k => merge({ for t in v.Tags : t.Key => t.Value }, { "boc:vpc:owner_id" = v.OwnerId }) } : {}
# network_acls_tags_map = fileexists(null_resource.network_acls.triggers.filename) ? flatten([for k, v in local.network_acls_tags : [for tk, tv in v : { label = format("%v__%v", k, tk), network_acl_id = k, key = tk, value = tv }]]) : []
- _nacl_enabled = var.tag_enabled_network_acls
- _network_acls = { for k, v in data.local_file.network_acl : k => jsondecode(v.content) if local._nacl_enabled }
- network_acls = { for k, v in local._network_acls : k => lookup(v, "NetworkAcls", [{ "Tags" : [], "OwnerId" : "" }])[0] }
- network_acls_tags = { for k, v in local.network_acls : k => merge({ for t in v.Tags : t.Key => t.Value }, { "boc:vpc:owner_id" = v.OwnerId }) }
+ _nacl_enabled = var.tag_enabled_network_acls
+ # _network_acls = { for k, v in data.local_file.network_acl : k => jsondecode(v.content) if local._nacl_enabled }
+ # network_acls_tags = { for k, v in local.network_acls : k => merge({ for t in v.Tags : t.Key => t.Value }, { "boc:vpc:owner_id" = v.OwnerId }) }
+ network_acls_tags = { for k, v in data.awsccl_ec2_network_acl.nacls : k => merge(v.tags, { "boc:vpc:owner_id" = v.owner_id }) }
network_acls_tags_map = flatten([for k, v in local.network_acls_tags : [for tk, tv in v : { label = format("%v__%v", k, tk), network_acl_id = k, key = tk, value = tv }]])
}
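Review bot: `network_acls_tags` references `data.awsccl_ec2_network_acl.nacls`, but the data source declared in this file is `awscc_ec2_network_acl` — the extra `l` means this local points at an undeclared resource and `terraform validate` will reject the module before any tagging happens; it should read `data.awscc_ec2_network_acl.nacls`. Two attribute assumptions in the same expression also need confirming against the awscc provider docs: awscc data sources usually expose `tags` as a list of `{key, value}` objects rather than a map, in which case `merge(v.tags, …)` fails and the conversion should be `{ for t in v.tags : t.key => t.value }`; and the CloudFormation `AWS::EC2::NetworkAcl` schema may not carry an `owner_id` at all, in which case `data.aws_arn.network_account.account` is the value the removed `owner-id` filter guaranteed and is the safer source for `boc:vpc:owner_id`. The commented-out `_network_acls`/`network_acls_tags` lines and the stale `fileexists(...)` comments above refer to the removed `null_resource`/`local_file` plumbing and can go.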
diff --git a/tag-shared-vpc-resources/versions.tf b/tag-shared-vpc-resources/versions.tf
index 907372c..b773b0a 100644
--- a/tag-shared-vpc-resources/versions.tf
+++ b/tag-shared-vpc-resources/versions.tf
@@ -4,9 +4,14 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 3.66.0"
+ version = ">= 5.0"
configuration_aliases = [aws.network_account]
}
+ awscc = {
+ source = "hashicorp/awscc"
+ version = ">= 1.0"
+ configuration_aliases = [awscc.network_account]
+ }
null = {
source = "hashicorp/null"
version = ">= 3.0"
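Review bot: The new `awscc` requirement and the raised `aws` requirement are both open-ended lower bounds (`>= 1.0`, `>= 5.0`), so a fresh `terraform init` without a committed `.terraform.lock.hcl` will pull whatever major version is current, including future breaking releases of providers that hold cross-account credentials for the network account. A pessimistic constraint such as `version = "~> 5.0"` and `version = "~> 1.0"` bounds that drift while still allowing minor updates; make sure the lock file is committed alongside this change so the provider checksums are pinned. Separately, the `null` provider (and the `local` provider listed in the README) remain required here even though this commit deletes the `null_resource` and `local_file` usages in tag-network-acls.tf — if no other file in the module still uses them, remove the requirements so the module does not install providers it no longer needs.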