pulumi / pulumi-aws-quickstart-vpc

Temporary repository to hold the roadmap and early code for the AWS Quickstart VPC
Apache License 2.0

ACL Port ranges are required but not required by cloudformation or provided in the quickstart #9

Status: Closed (ajhool closed this issue 2 years ago)

ajhool commented 2 years ago

Code:

```go
privateNetworkAclName := "Pulumi Private Network ACL"
// Neither rule sets FromPort/ToPort; the diagnostics below reject exactly this.
_, privateNetworkAclErr := ec2.NewNetworkAcl(ctx, "private-network-acl", &ec2.NetworkAclArgs{
	VpcId: vpc.ID(),
	Egress: ec2.NetworkAclEgressArray{
		ec2.NetworkAclEgressArgs{
			Action:    pulumi.String("allow"),
			CidrBlock: pulumi.String(entireInternetCidr),
			Protocol:  pulumi.String("-1"), // all protocols
			RuleNo:    pulumi.Int(100),
		},
	},
	Ingress: ec2.NetworkAclIngressArray{
		ec2.NetworkAclIngressArgs{
			Action:    pulumi.String("allow"),
			CidrBlock: pulumi.String(entireInternetCidr),
			Protocol:  pulumi.String("-1"), // all protocols
			RuleNo:    pulumi.Int(100),
		},
	},
	Tags: pulumi.StringMap{
		"Name":    pulumi.String(privateNetworkAclName),
		"Network": pulumi.String("NACL Protected"),
	},
})
```

Error:

```
Diagnostics:
  aws:ec2:NetworkAcl (private-network-acl):
    error: aws:ec2/networkAcl:NetworkAcl resource 'private-network-acl' has a problem: Missing required argument: The argument "ingress.0.from_port" is required, but no definition was found.. Examine values at 'NetworkAcl.Ingresses'.
    error: aws:ec2/networkAcl:NetworkAcl resource 'private-network-acl' has a problem: Missing required argument: The argument "ingress.0.to_port" is required, but no definition was found.. Examine values at 'NetworkAcl.Ingresses'.
    error: aws:ec2/networkAcl:NetworkAcl resource 'private-network-acl' has a problem: Missing required argument: The argument "egress.0.from_port" is required, but no definition was found.. Examine values at 'NetworkAcl.Egresses'.
    error: aws:ec2/networkAcl:NetworkAcl resource 'private-network-acl' has a problem: Missing required argument: The argument "egress.0.to_port" is required, but no definition was found.. Examine values at 'NetworkAcl.Egresses'.
```
ajhool commented 2 years ago

Terraform does have this as a required field:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl#from_port

ajhool commented 2 years ago

Terraform will ignore the rule if the protocol is -1 or all. Will use all:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule
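The two points in this thread, that the provider insists on `from_port`/`to_port` for every inline NACL rule and that the port range is ignored when the protocol is `-1` or `all`, can be reproduced without the Pulumi SDK. The following is an added example, not code from this repository: it models an inline rule, re-implements the provider's required-argument check so it emits the same argument names as the diagnostics above, and supplies the placeholder range 0-0 only for all-protocol rules, where it has no effect, while refusing to guess a range for tcp/udp. It also flags allow-all rules from any source, because the private NACL in the issue (assuming `entireInternetCidr` is `0.0.0.0/0`) permits everything in both directions and therefore filters nothing. Type, function and sample-rule names are this example's own.

```go
package main

import (
	"fmt"
	"strings"
)

// NaclRule models one inline ingress/egress entry of a NetworkAcl. FromPort
// and ToPort are pointers so that "not set", which is what the provider
// rejects above, stays distinct from port 0.
type NaclRule struct {
	RuleNo    int
	Action    string // "allow" or "deny"
	Protocol  string // "-1", "all", "tcp", "udp", "icmp" or a protocol number
	CidrBlock string
	FromPort  *int
	ToPort    *int
}

// allProtocols reports whether the rule matches every protocol; for such
// rules the port range is ignored (per the Terraform docs linked above).
func allProtocols(p string) bool {
	p = strings.ToLower(strings.TrimSpace(p))
	return p == "-1" || p == "all"
}

// validateRules reproduces the provider-side check behind the diagnostics:
// every inline rule must carry both from_port and to_port, whatever the
// protocol. direction is "ingress" or "egress"; the "<direction>.<i>.<field>"
// naming follows the error text on the page.
func validateRules(direction string, rules []NaclRule) []error {
	var errs []error
	for i, r := range rules {
		if r.FromPort == nil {
			arg := fmt.Sprintf("%s.%d.from_port", direction, i)
			errs = append(errs, fmt.Errorf("Missing required argument: The argument %q is required, but no definition was found.", arg))
		}
		if r.ToPort == nil {
			arg := fmt.Sprintf("%s.%d.to_port", direction, i)
			errs = append(errs, fmt.Errorf("Missing required argument: The argument %q is required, but no definition was found.", arg))
		}
	}
	return errs
}

// normalizeRules returns a copy of rules in which every all-protocol rule
// carries the placeholder range 0-0 (ignored for -1/all), and fails for any
// other protocol that lacks a range, since widening it silently to 0-65535
// would change what the rule allows.
func normalizeRules(rules []NaclRule) ([]NaclRule, error) {
	out := make([]NaclRule, 0, len(rules))
	for _, r := range rules { // r is a copy; the caller's slice is untouched
		if allProtocols(r.Protocol) {
			zero := 0
			if r.FromPort == nil {
				r.FromPort = &zero
			}
			if r.ToPort == nil {
				r.ToPort = &zero
			}
		} else if r.FromPort == nil || r.ToPort == nil {
			return nil, fmt.Errorf("rule %d: protocol %q needs an explicit port range", r.RuleNo, r.Protocol)
		}
		if *r.FromPort > *r.ToPort {
			return nil, fmt.Errorf("rule %d: from_port %d > to_port %d", r.RuleNo, *r.FromPort, *r.ToPort)
		}
		out = append(out, r)
	}
	return out, nil
}

// wideOpen lists the RuleNo of every allow rule matching all protocols from
// any source (0.0.0.0/0 or ::/0). Such a rule lets everything through in
// that direction, which is worth surfacing on an ACL labelled "private".
func wideOpen(rules []NaclRule) []int {
	var hits []int
	for _, r := range rules {
		if strings.EqualFold(r.Action, "allow") && allProtocols(r.Protocol) &&
			(r.CidrBlock == "0.0.0.0/0" || r.CidrBlock == "::/0") {
			hits = append(hits, r.RuleNo)
		}
	}
	return hits
}

func main() {
	// Constructed sample: the issue's rule 100, ports omitted as in the report.
	rules := []NaclRule{{RuleNo: 100, Action: "allow", Protocol: "-1", CidrBlock: "0.0.0.0/0"}}
	for _, e := range validateRules("ingress", rules) {
		fmt.Println("error:", e)
	}
	fixed, err := normalizeRules(rules)
	if err != nil {
		fmt.Println("normalize:", err)
		return
	}
	fmt.Printf("after normalization: %d validation errors\n", len(validateRules("ingress", fixed)))
	for _, r := range fixed {
		fmt.Printf("rule %d: %s %s %s ports %d-%d\n", r.RuleNo, r.Action, r.Protocol, r.CidrBlock, *r.FromPort, *r.ToPort)
	}
	if open := wideOpen(fixed); len(open) > 0 {
		fmt.Println("allow-all-from-anywhere rules:", open)
	}
}
```

Mapped back to the Pulumi program in the issue, the normalizer's 0-0 placeholder corresponds to adding `FromPort: pulumi.Int(0)` and `ToPort: pulumi.Int(0)` to each `ec2.NetworkAclIngressArgs` and `ec2.NetworkAclEgressArgs` entry whose `Protocol` is `-1`; any rule for a specific protocol should instead name the ports it really needs.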