Provide rule no dynamically for nacl

mohammedbanabila · July 2, 2021, 12:50pm

resource “aws_network_acl” “nacl100” {

vpc_id = aws_vpc.vpc_east1.id

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.public_subnets[0]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 10

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.public_subnets[1]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 20

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.public_subnets[2]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 30

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.private_subnets_web[0]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 40

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.private_subnets_web[1]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 50

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.private_subnets_web[2]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 50

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.private_subnets_db[0]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 60

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.private_subnets_db[1]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 70

  to_port    = ingress.value

}

}

dynamic “ingress” {

for_each = var.ports

content {

  action     = "allow"

  cidr_block = var.private_subnets_db[2]

  from_port  = ingress.value

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = 80

  to_port    = ingress.value

}

}

egress {

action     = "deny"

cidr_block = "0.0.0.0/0"

from_port  = 0

icmp_code  = 1

icmp_type  = 1

protocol   = "-1"

rule_no    = 90

to_port    = 0

}
}

can be add rule no automatically with help of dynamic block

mohammedbanabila · July 28, 2021, 5:34pm

if i used
variable “rule_no” {
type = list(any)
}
variable"ports" {
type =list(number)
}
rule_no = [10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110, 120] in terraform.tfvars
ports = [ 22 . 80 .443. 5432 ] in terraform.tfvars

resource “aws_network_acl” “nacl100” {

vpc_id = aws_vpc.vpclnk.id

dynamic “ingress” {

for_each = [var.rule_no[0], var.rule_no[1], var.rule_no[2]]

iterator = rule_no

content {

  action     = "allow"

  cidr_block = element(var.public_subnet1, count.index)

  from_port  = var.ports[0]

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = rule_no.value

  to_port    = var.ports[0]

}

}

dynamic “ingress” {

for_each = [var.rule_no[3], var.rule_no[4], var.rule_no[5]]

iterator = rule_no

content {

  action     = "allow"

  cidr_block = element(var.public_subnet1, count.index)

  from_port  = var.ports[1]

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = rule_no.value

  to_port    = var.ports[1]

}

}

dynamic “ingress” {

for_each = [var.rule_no[6], var.rule_no[7], var.rule_no[8]]

iterator = rule_no

content {

  action     = "allow"

  cidr_block = element(var.public_subnet1, count.index)

  from_port  = var.ports[2]

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = rule_no.value

  to_port    = var.ports[2]

}

}

dynamic “ingress” {

for_each = [var.rule_no[9], var.rule_no[10], var.rule_no[11]]

iterator = rule_no

content {

  action     = "allow"

  cidr_block = element(var.public_subnet1, count.index)

  from_port  = var.ports[3]

  icmp_code  = 1

  icmp_type  = 1

  protocol   = "tcp"

  rule_no    = rule_no.value

  to_port    = var.ports[3]

}

}

egress {

action     = "deny"

cidr_block = "0.0.0.0/0"

from_port  = 0

icmp_code  = 1

icmp_type  = 1

protocol   = "-t"

rule_no    = 1

to_port    = 130

}

count = 3

}

will that work for nacl rule no to add dynamically

Topic		Replies	Views
Issue with dynamic block Terraform	0	520	July 10, 2020
Dynamically create Private NACL with public cidr blocks as source ip Terraform hcp-terraform	2	1539	July 9, 2020
How to dynamically generate NACL rule set for AWS Gateway Endpoints? Terraform	5	666	March 25, 2023
How to handle known-after-appy in condition? Terraform	2	1108	December 20, 2021
Dynamic Block Inside for_each Resource Does Not Behave as Expected AWS	3	577	October 11, 2023

Provide rule no dynamically for nacl

Related topics