terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0
2.99k stars 4.44k forks

ACL Rules : missing IPv6 rules #1035

Closed psantus closed 8 months ago

psantus commented 10 months ago

Description

Variables public_inbound_acl_rules, private_inbound_acl_rules, intra_inbound_acl_rules, database_inbound_acl_rules, elasticache_inbound_acl_rules, redshift_inbound_acl_rules all contain the following default value.

default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },

That fails to cover IPv6 rules.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

Reproduction Code [Required]

Steps to reproduce the behavior:

public_dedicated_network_acl = true

Expected behavior

If no rule is specified and IPv6 is enabled, default ACL should include IPv6 rules

    {
      rule_number     = 101
      rule_action     = "allow"
      from_port       = 0
      to_port         = 0
      protocol        = "-1"
      ipv6_cidr_block = "::/0"
    },

Actual behavior

They don't

psantus commented 10 months ago

I know Terraform can't have references, only literals, in a default value. Maybe plan for a separate set of *_inbound_acl_ipv6_rules to accommodate IPv6 rules and their default values?
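
A workaround for the gap described in this issue, as an added example that is not part of the original thread or the module's own code: pass explicit dual-stack rule lists to the module instead of relying on the IPv4-only defaults. The name, CIDR ranges, availability zones and IPv6 prefixes are constructed sample values, and the example assumes the module forwards an `ipv6_cidr_block` key from each rule map to the underlying ACL rule resource.

```hcl
# Added example. Name, CIDRs, AZs and IPv6 prefixes are constructed sample values.
locals {
  # One allow-all entry per address family. Without the ipv6_cidr_block entry,
  # IPv6 packets only ever match the ACL's implicit final deny.
  dual_stack_allow_all = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
    {
      rule_number     = 101
      rule_action     = "allow"
      from_port       = 0
      to_port         = 0
      protocol        = "-1"
      ipv6_cidr_block = "::/0"
    },
  ]
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "dual-stack-example"
  cidr = "10.0.0.0/16"
  azs  = ["eu-west-1a", "eu-west-1b"]

  public_subnets              = ["10.0.0.0/24", "10.0.1.0/24"]
  enable_ipv6                 = true
  public_subnet_ipv6_prefixes = [0, 1]

  # A dedicated ACL replaces the VPC default ACL for the public subnets, so
  # both directions need the IPv6 entry.
  public_dedicated_network_acl = true
  public_inbound_acl_rules     = local.dual_stack_allow_all
  public_outbound_acl_rules    = local.dual_stack_allow_all
}
```

With this in place, `terraform plan` should list an inbound and an outbound ACL rule for each address family. The same rule list can be passed to the other `*_inbound_acl_rules` variables named in the issue when those subnet tiers use dedicated ACLs.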

github-actions[bot] commented 9 months ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 8 months ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 7 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.