Browse the Repo

file-type-icon.circleci
file-type-iconexamples
file-type-iconmodules
file-type-icon_docs
file-type-iconnetwork-acl-inbound
file-type-iconnetwork-acl-outbound
file-type-iconvpc-app-network-acls
file-type-iconREADME.md
file-type-iconmain.tf
file-type-iconoutputs.tf
file-type-iconvars.tf
file-type-iconvpc-app
file-type-iconvpc-dns-forwarder-rules
file-type-iconvpc-dns-forwarder
file-type-iconvpc-flow-logs
file-type-iconvpc-mgmt-network-acls
file-type-iconvpc-mgmt
file-type-iconvpc-peering-external
file-type-iconvpc-peering
file-type-icontest
file-type-icon.gitignore
file-type-iconCODEOWNERS
file-type-iconLICENSE.txt
file-type-iconREADME.md

Browse the Repo

file-type-icon.circleci
file-type-iconexamples
file-type-iconmodules
file-type-icon_docs
file-type-iconnetwork-acl-inbound
file-type-iconnetwork-acl-outbound
file-type-iconvpc-app-network-acls
file-type-iconREADME.md
file-type-iconmain.tf
file-type-iconoutputs.tf
file-type-iconvars.tf
file-type-iconvpc-app
file-type-iconvpc-dns-forwarder-rules
file-type-iconvpc-dns-forwarder
file-type-iconvpc-flow-logs
file-type-iconvpc-mgmt-network-acls
file-type-iconvpc-mgmt
file-type-iconvpc-peering-external
file-type-iconvpc-peering
file-type-icontest
file-type-icon.gitignore
file-type-iconCODEOWNERS
file-type-iconLICENSE.txt
file-type-iconREADME.md
Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC)

Create a Virtual Private Cloud (VPC). Includes multiple subnet tiers, NACLs, NAT gateways, Internet Gateways, and VPC peering.

Preview the Code

mobile file icon

README.md

down

VPC-App Network ACLs Terraform Module

This Terraform Module adds a default set of Network ACLs to a VPC created using the vpc-app module. The ACLs enforce the following security settings (based on A Reference VPC Architecture):

  • Public subnet: Allow all requests.
  • Private app subnet: Allow all requests to/from the public subnets, private persistence subnets, and the Mgmt VPC. Allow all outbound TCP requests plus return traffic from any IP for those TCP requests on ephemeral ports.
  • Private persistence subnet: Allow all requests to/from the private app subnets and the Mgmt VPC.

How do you use this module?

Check out the vpc-network-acls example.

Check out vars.tf for all the configuration options available.

What's a VPC?

A VPC or Virtual Private Cloud is a logically isolated section of your AWS cloud. Each VPC defines a virtual network within which you run your AWS resources, as well as rules for what can go in and out of that network. This includes subnets, route tables that tell those subnets how to route inbound and outbound traffic, security groups, firewalls for the subnet (known as "Network ACLs"), and any other network components such as VPN connections.

What's a Network ACL?

Network ACLs provide an extra layer of network security, similar to a security group. Whereas a security group controls what inbound and outbound traffic is allowed for a specific resource (e.g. a single EC2 instance), a network ACL controls what inbound and outbound traffic is allowed for an entire subnet.

Questions? Ask away.

We're here to talk about our services, answer any questions, give advice, or just to chat.

Ready to hand off the Gruntwork?