@@ -13,101 +13,8 @@ module "vpc" {
1313 private_subnets = " 10.0.1.0/24" " 10.0.2.0/24" " 10.0.3.0/24"
1414 public_subnets = " 10.0.101.0/24" " 10.0.102.0/24" " 10.0.103.0/24"
1515
16- public_inbound_acl_rules =
17- {
18- rule_number = 100
19- rule_action = " allow"
20- from_port = 80
21- to_port = 80
22- protocol = " tcp"
23- cidr_block = " 0.0.0.0/0"
24- description = " Allow inbound HTTP traffic from any IPv4 address"
25- },
26- {
27- rule_number = 110
28- rule_action = " allow"
29- from_port = 443
30- to_port = 443
31- protocol = " tcp"
32- cidr_block = " 0.0.0.0/0"
33- description = " Allow inbound HTTPS traffic from any IPv4 address"
34- },
35- {
36- rule_number = 120
37- rule_action = " allow"
38- from_port = 22
39- to_port = 22
40- protocol = " tcp"
41- cidr_block = " 0.0.0.0/0"
42- description = " Allow inbound SSH traffic from any IPv4 address"
43- },
44- {
45- rule_number = 130
46- rule_action = " allow"
47- from_port = 3389
48- to_port = 3389
49- protocol = " tcp"
50- cidr_block = " 0.0.0.0/0"
51- description = " Allow inbound RDP traffic from any IPv4 address"
52- },
53- {
54- rule_number = 140
55- rule_action = " allow"
56- from_port = 1024
57- to_port = 65535
58- protocol = " tcp"
59- cidr_block = " 0.0.0.0/0"
60- description = " Allow inbound return traffic from hosts"
61- },
62- ]
63-
64- public_outbound_acl_rules =
65- {
66- rule_number = 100
67- rule_action = " allow"
68- from_port = 80
69- to_port = 80
70- protocol = " tcp"
71- cidr_block = " 0.0.0.0/0"
72- description = " Allow outbound HTTP traffic from the subnet to the Internet"
73- },
74- {
75- rule_number = 110
76- rule_action = " allow"
77- from_port = 443
78- to_port = 443
79- protocol = " tcp"
80- cidr_block = " 0.0.0.0/0"
81- description = " Allow outbound HTTPS traffic from the subnet to the Internet"
82- },
83- {
84- rule_number = 120
85- rule_action = " allow"
86- from_port = 1433
87- to_port = 1433
88- protocol = " tcp"
89- cidr_block = " 10.0.100.0/22"
90- description = " Allow outbound MS SQL access to database servers in the private subnet"
91- },
92- {
93- rule_number = 130
94- rule_action = " allow"
95- from_port = 32768
96- to_port = 65535
97- protocol = " tcp"
98- cidr_block = " 0.0.0.0/0"
99- description = " Allows outbound responses to clients on the Internet"
100- },
101- {
102- rule_number = 140
103- rule_action = " allow"
104- from_port = 22
105- to_port = 22
106- protocol = " tcp"
107- cidr_block = " 10.0.100.0/22"
108- description = " Allows outbound SSH access to instances in your private subnet"
109- },
110- ]
16+ public_inbound_acl_rules = " ${ concat (local. network_acls [" default_inbound" . network_acls [" public_inbound" } "
17+ public_outbound_acl_rules = " ${ concat (local. network_acls [" default_outbound" . network_acls [" public_outbound" } "
11118
11219 assign_generated_ipv6_cidr_block = true
11320
@@ -127,3 +34,110 @@ module "vpc" {
12734 Name = " vpc-name"
12835 }
12936}
37+
38+ locals {
39+ network_acls =
40+ default_inbound = [
41+ {
42+ rule_number = 900
43+ rule_action = " allow"
44+ from_port = 1024
45+ to_port = 65535
46+ protocol = " tcp"
47+ cidr_block = " 0.0.0.0/0"
48+ description = " Allow inbound return traffic from hosts"
49+ },
50+ ]
51+
52+ default_outbound = [
53+ {
54+ rule_number = 900
55+ rule_action = " allow"
56+ from_port = 32768
57+ to_port = 65535
58+ protocol = " tcp"
59+ cidr_block = " 0.0.0.0/0"
60+ description = " Allows outbound responses to clients"
61+ },
62+ ]
63+
64+ public_inbound = [
65+ {
66+ rule_number = 100
67+ rule_action = " allow"
68+ from_port = 80
69+ to_port = 80
70+ protocol = " tcp"
71+ cidr_block = " 0.0.0.0/0"
72+ description = " Allow inbound HTTP traffic from any IPv4 address"
73+ },
74+ {
75+ rule_number = 110
76+ rule_action = " allow"
77+ from_port = 443
78+ to_port = 443
79+ protocol = " tcp"
80+ cidr_block = " 0.0.0.0/0"
81+ description = " Allow inbound HTTPS traffic from any IPv4 address"
82+ },
83+ {
84+ rule_number = 120
85+ rule_action = " allow"
86+ from_port = 22
87+ to_port = 22
88+ protocol = " tcp"
89+ cidr_block = " 0.0.0.0/0"
90+ description = " Allow inbound SSH traffic from any IPv4 address"
91+ },
92+ {
93+ rule_number = 130
94+ rule_action = " allow"
95+ from_port = 3389
96+ to_port = 3389
97+ protocol = " tcp"
98+ cidr_block = " 0.0.0.0/0"
99+ description = " Allow inbound RDP traffic from any IPv4 address"
100+ },
101+ ]
102+
103+ public_outbound = [
104+ {
105+ rule_number = 100
106+ rule_action = " allow"
107+ from_port = 80
108+ to_port = 80
109+ protocol = " tcp"
110+ cidr_block = " 0.0.0.0/0"
111+ description = " Allow outbound HTTP traffic from the subnet to the Internet"
112+ },
113+ {
114+ rule_number = 110
115+ rule_action = " allow"
116+ from_port = 443
117+ to_port = 443
118+ protocol = " tcp"
119+ cidr_block = " 0.0.0.0/0"
120+ description = " Allow outbound HTTPS traffic from the subnet to the Internet"
121+ },
122+ {
123+ rule_number = 120
124+ rule_action = " allow"
125+ from_port = 1433
126+ to_port = 1433
127+ protocol = " tcp"
128+ cidr_block = " 10.0.100.0/22"
129+ description = " Allow outbound MS SQL access to database servers in the private subnet"
130+ },
131+
132+ {
133+ rule_number = 130
134+ rule_action = " allow"
135+ from_port = 22
136+ to_port = 22
137+ protocol = " tcp"
138+ cidr_block = " 10.0.100.0/22"
139+ description = " Allows outbound SSH access to instances in your private subnet"
140+ },
141+ ]
142+ }
143+ }
0 commit comments