From f486914e1b506b1790077f68fd70d1cdccf8f3d1 Mon Sep 17 00:00:00 2001 From: badra001 Date: Mon, 10 May 2021 16:01:32 -0400 Subject: [PATCH] add rule resources --- nacl-rules/README.md | 4 +++- nacl-rules/main.tf | 27 ++++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/nacl-rules/README.md b/nacl-rules/README.md index 16bc630..6b140cf 100644 --- a/nacl-rules/README.md +++ b/nacl-rules/README.md @@ -6,7 +6,7 @@ acl and should be called first. # Usage ```hcl -module "nacl-rules" { +module "nacls_enterprise" { source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//nacl-rules" network_acl_id = module.nacls.private_network_acl @@ -43,6 +43,8 @@ No modules. | Name | Type | |------|------| +| [aws_network_acl_rule.in](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | +| [aws_network_acl_rule.out](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | diff --git a/nacl-rules/main.tf b/nacl-rules/main.tf index aad6f03..fc12d15 100644 --- a/nacl-rules/main.tf +++ b/nacl-rules/main.tf @@ -7,7 +7,7 @@ * # Usage * * ```hcl -* module "nacl-rules" { +* module "nacls_enterprise" { * source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//nacl-rules" * network_acl_id = module.nacls.private_network_acl * 
@@ -97,3 +97,28 @@ locals {
 r4 = [for v in local.r3 : v.rule_number]
 r5 = length(local.r4) > 0 ? max(local.r4...) : null
 }
+
+resource "aws_network_acl_rule" "in" {
+ for_each = { for nr in local.r3 : nr.label => nr if ! nr.egress }
+ network_acl_id = var.network_acl_id
+ rule_number = each.value.rule_number
+ egress = each.value.egress
+ protocol = each.value.protocol
+ rule_action = each.value.action
+ from_port = each.value.from_port
+ to_port = each.value.to_port
+ cidr_block = each.value.cidr
+}
+
+resource "aws_network_acl_rule" "out" {
+ for_each = { for nr in local.r3 : nr.label => nr if nr.egress }
+ network_acl_id = var.network_acl_id
+ rule_number = each.value.rule_number
+ egress = each.value.egress
+ protocol = each.value.protocol
+ rule_action = each.value.action
+ from_port = each.value.from_port
+ to_port = each.value.to_port
+ cidr_block = each.value.cidr
+}
+
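Review bot: Nothing in the new `aws_network_acl_rule.in` / `aws_network_acl_rule.out` resources catches two entries of `local.r3` that share a `rule_number` in the same direction; both `for_each` maps key on `label`, so such a pair passes `terraform plan` and only fails at apply when AWS rejects the duplicate rule number on the ACL, possibly leaving the rule set half-applied. Keeping ingress and egress in separate resources correctly allows the same number (or label) in both directions, but within a direction the clash should be surfaced at plan time, e.g. with a `lifecycle { precondition { … } }` that compares `length(distinct(...))` of the per-direction rule numbers with their `length(...)`. That needs a Terraform version that supports `precondition` (1.2 or later); the module's `required_version` is not in this hunk, so confirm it before adopting the block below. `local.r3` itself is built above the hunk, so whether it already de-duplicates rule numbers is not visible here, and `local.r5` (the current maximum rule number) is computed in the context lines but not used by either new resource.
```hcl
resource "aws_network_acl_rule" "in" {
  for_each = { for nr in local.r3 : nr.label => nr if !nr.egress }
  # … unchanged: network_acl_id … cidr_block …

  lifecycle {
    precondition {
      condition     = length(distinct([for nr in local.r3 : nr.rule_number if !nr.egress])) == length([for nr in local.r3 : nr.rule_number if !nr.egress])
      error_message = "Ingress NACL rule numbers must be unique within the ACL."
    }
  }
}
# … same precondition with `if nr.egress` in aws_network_acl_rule.out …
```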