add rule resources

terraform-modules · May 10, 2021 · f486914 · f486914
1 parent df2d01d
commit f486914
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/nacl-rules/README.md b/nacl-rules/README.md
@@ -6,7 +6,7 @@ acl and should be called first.
 # Usage
 
 ```hcl
-module "nacl-rules" {
+module "nacls_enterprise" {
   source            = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//nacl-rules"
   network_acl_id    = module.nacls.private_network_acl
 
@@ -43,6 +43,8 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [aws_network_acl_rule.in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |
+| [aws_network_acl_rule.out](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |

diff --git a/nacl-rules/main.tf b/nacl-rules/main.tf
@@ -7,7 +7,7 @@
 * # Usage
 * 
 * ```hcl
-* module "nacl-rules" {
+* module "nacls_enterprise" {
 *   source            = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//nacl-rules"
 *   network_acl_id    = module.nacls.private_network_acl
 *
@@ -97,3 +97,28 @@ locals {
   r4 = [for v in local.r3 : v.rule_number]
   r5 = length(local.r4) > 0 ? max(local.r4...) : null
 }
+
+resource "aws_network_acl_rule" "in" {
+  for_each       = { for nr in local.r3 : nr.label => nr if ! nr.egress }
+  network_acl_id = var.network_acl_id
+  rule_number    = each.value.rule_number
+  egress         = each.value.egress
+  protocol       = each.value.protocol
+  rule_action    = each.value.action
+  from_port      = each.value.from_port
+  to_port        = each.value.to_port
+  cidr_block     = each.value.cidr
+}
+
+resource "aws_network_acl_rule" "out" {
+  for_each       = { for nr in local.r3 : nr.label => nr if nr.egress }
+  network_acl_id = var.network_acl_id
+  rule_number    = each.value.rule_number
+  egress         = each.value.egress
+  protocol       = each.value.protocol
+  rule_action    = each.value.action
+  from_port      = each.value.from_port
+  to_port        = each.value.to_port
+  cidr_block     = each.value.cidr
+}
+