Closed (hauleth closed this issue 7 years ago)

With current Terraform there is no default ACL rule that allows for access in and out of the VPC. I think it would be worth documenting that.
The current code will set up NAT gateways for each private subnet if you set `enable_nat_gateway` to `true`. This module does not create any network ACLs or security groups for you.
The default network ACL for a VPC allows all traffic in and out.
If you are creating security groups in your own script that uses the VPC created by this module, the docs for `aws_security_group` show that the default outbound rules will not be created by Terraform unless you add an egress rule for it yourself: https://www.terraform.io/docs/providers/aws/r/security_group.html

> NOTE on Egress rules: By default, AWS creates an ALLOW ALL egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, Terraform will remove this default rule, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:

```hcl
egress {
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]
}
```
@hauleth Has this been answered?
As a note, DNS is disabled by default in this repo. So you may have network connectivity (e.g. `ping 8.8.8.8`), but could not resolve the host you were addressing (e.g. `google.com`).

To enable DNS, you need `enable_dns_support = true` within this module.
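The two points raised above (Terraform dropping the implicit allow-all egress rule, and DNS being off by default in this module) put together in one added configuration; this is example code, not from the issue or the module itself. The registry source, CIDR ranges, resource names and the module's `vpc_id` output are assumptions.

```hcl
# Added example, not code from the issue or the module. Assumed values:
# the registry source, CIDRs, names and the module's vpc_id output.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"  # assumed source
  name   = "example"
  cidr   = "10.0.0.0/16"

  azs             = ["us-east-1a", "us-east-1b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true  # NAT gateway for each private subnet
  enable_dns_support = true  # DNS is off by default in this module
}

# Surprising form: no egress block. Terraform removes the AWS default
# allow-all egress rule, so members can accept 443 but start no outbound
# connections at all.
resource "aws_security_group" "web_no_egress" {
  name   = "web-no-egress"
  vpc_id = module.vpc.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Explicit form: egress is declared and reviewable in the plan. It is
# narrowed to outbound HTTPS here instead of the doc's allow-all "-1".
resource "aws_security_group" "web" {
  name   = "web"
  vpc_id = module.vpc.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Running `terraform plan` on the first group shows no egress rules at all, which is the surprise the thread describes; the second group makes outbound access an explicit, reviewable decision.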
Closing now, because it seems it has been answered. If not leave a comment.
what do you mean by that?