Default NACL
📦 Overview
This Terraform module provisions a default Network ACL (NACL) with allow-all ingress and egress rules in the specified VPC and associates it with the listed subnets.
It is intended for baseline connectivity where unrestricted subnet-level filtering is acceptable, which is common in development, testing, or isolated environments. Because a NACL is stateless and this one permits everything in both directions, security groups become the only network filter in front of the instances on those subnets.
✅ Key Features
- Creates a default NACL with allow-all rules
- Associates it with one or more subnet IDs
- Applies to both ingress and egress traffic
- Includes environment-based tags for tracking
💼 Use Cases
- Development VPCs with no access restrictions
- Early-stage infrastructure where fine-grained security is not yet enforced
- Default NACL replacement to restore baseline connectivity
- Paired with tighter security group rules, which then carry all of the instance-level filtering
📥 Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region for the NACL |
| vpc_id | string | The ID of the VPC where the NACL will be provisioned |
| subnet_ids | list(string) | List of subnet IDs to associate with the NACL |
| environment | string | Deployment environment tag (e.g., dev, staging, prod) |
📤 Outputs
| Name | Description |
|---|---|
| nacl_id | The ID of the provisioned Network ACL |
| associated_subnet_ids | List of subnet IDs associated with the NACL |
| vpc_id | The ID of the VPC where the NACL was deployed |
Deployment Readiness
- ✅ Compatible with Terraform 1.0+
- ✅ Tested with AWS provider 5.x
- 🧪 Requires IAM permissions for `ec2:CreateNetworkAcl`, `ec2:CreateNetworkAclEntry`, `ec2:ReplaceNetworkAclAssociation` (the action that attaches a subnet to a NACL; there is no `AssociateNetworkAcl` action), `ec2:CreateTags`, and the matching `ec2:Describe*` and `ec2:Delete*` actions for plan and destroy, etc.
🛠️ Example Usage
```hcl
module "nacl_default" {
  source      = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network-security/nacl-default?ref=v1.0.0"
  region      = "us-east-1"
  vpc_id      = "vpc-0123456789abcdef0"
  subnet_ids  = ["subnet-abc123", "subnet-def456"]
  environment = "dev"
}
```
Then apply with Terraform:
```bash
terraform init
terraform plan
terraform apply
```
or with OpenTofu:
```bash
tofu init
tofu plan
tofu apply
```
🧹 Cleanup Options
```bash
terraform destroy
```
or
```bash
tofu destroy
```
Manual deletion (for production): remove the subnet associations and then the NACL by hand via the AWS Console or CLI, so that each step can be checked against live traffic before the next one. A subnet is always associated with exactly one NACL, so detaching it means pointing it at another NACL (normally the VPC's own default NACL), and a NACL that still holds subnet associations cannot be deleted.
🛡️ Notes
This is a Level 1 module designed for open-access NACL provisioning. It performs no filtering at the subnet boundary: NACLs are stateless, and with allow-all entries in both directions every packet reaches the instance, where the security group is the only remaining network control. Do not attach it to subnets that carry production or Internet-facing workloads. For more restrictive rule sets or secure environments, use a custom NACL module with explicit deny/allow rules (NACL entries are evaluated in ascending rule-number order, first match wins, and unmatched traffic hits the implicit final deny), or combine this module with Security Group enforcement.
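The module's outputs tell you what Terraform thinks it created; the check a practitioner wants after `apply` is what the account actually holds. The following audit script is an added example, not part of this module or of Archiphire's code: it takes the response shape of `aws ec2 describe-network-acls` (or boto3 `describe_network_acls()`), reports which directions each NACL leaves fully open, confirms that the subnets passed as `subnet_ids` really are attached, and flags allow-all NACLs that ended up on subnets outside the environments where that is acceptable. The sample response is constructed inline so it runs offline, and the tag key `Environment` is an assumption (the module's exact tag key is not documented here).

```python
"""Post-apply audit for allow-all Network ACLs (added example, not module code).

Input is the dict shape returned by `aws ec2 describe-network-acls` / boto3
`describe_network_acls()`. SAMPLE_RESPONSE below is constructed for this
example and is not real AWS data.
"""
from __future__ import annotations

import json
import sys
from typing import Any, Iterable

ALL_PROTOCOLS = "-1"        # AWS encodes "all protocols, all ports" as protocol -1
CATCH_ALL = {"CidrBlock": "0.0.0.0/0", "Ipv6CidrBlock": "::/0"}
ENV_TAG_KEY = "Environment"  # assumption: the tag key this module writes


def _first_catch_all_action(entries: list[dict[str, Any]], cidr_key: str) -> str | None:
    """Action of the lowest-numbered entry matching all traffic for one address family.

    NACLs are stateless and evaluated in ascending RuleNumber order; the first
    matching entry wins, and the API lists the implicit final deny as rule 32767.
    """
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if entry.get("Protocol") == ALL_PROTOCOLS and entry.get(cidr_key) == CATCH_ALL[cidr_key]:
            return entry.get("RuleAction")
    return None


def open_directions(nacl: dict[str, Any]) -> list[str]:
    """Directions ("ingress", "egress") in which the NACL admits all traffic from any address."""
    opened = []
    for is_egress, name in ((False, "ingress"), (True, "egress")):
        entries = [e for e in nacl.get("Entries", []) if e.get("Egress") == is_egress]
        if any(_first_catch_all_action(entries, key) == "allow" for key in CATCH_ALL):
            opened.append(name)
    return opened


def tag_value(nacl: dict[str, Any], key: str) -> str | None:
    return next((t.get("Value") for t in nacl.get("Tags", []) if t.get("Key") == key), None)


def associated_subnets(nacl: dict[str, Any]) -> set[str]:
    return {a["SubnetId"] for a in nacl.get("Associations", []) if "SubnetId" in a}


def missing_associations(nacl: dict[str, Any], expected_subnet_ids: Iterable[str]) -> set[str]:
    """Subnets the module was asked to attach that the NACL does not actually hold."""
    return set(expected_subnet_ids) - associated_subnets(nacl)


def audit(response: dict[str, Any], allowed_environments: Iterable[str] = ("dev",)) -> list[dict[str, Any]]:
    """Flag NACLs with allow-all ingress attached to subnets outside the permitted environments."""
    allowed = set(allowed_environments)
    findings = []
    for nacl in response.get("NetworkAcls", []):
        opened = open_directions(nacl)
        subnets = sorted(associated_subnets(nacl))
        env = tag_value(nacl, ENV_TAG_KEY)
        # Open egress is common and low risk; open ingress means no subnet-level inbound filtering.
        if "ingress" in opened and subnets and env not in allowed:
            findings.append({
                "nacl_id": nacl["NetworkAclId"], "vpc_id": nacl["VpcId"],
                "environment": env, "open": opened, "subnet_ids": subnets,
                "reason": "allow-all ingress NACL attached to subnets outside permitted environments",
            })
    return findings


def _entry(rule: int, action: str, egress: bool, proto: str = "-1", ports: tuple[int, int] | None = None) -> dict[str, Any]:
    e: dict[str, Any] = {"RuleNumber": rule, "Protocol": proto, "RuleAction": action,
                         "Egress": egress, "CidrBlock": "0.0.0.0/0"}
    if ports:
        e["PortRange"] = {"From": ports[0], "To": ports[1]}
    return e


_IMPLICIT_DENY = [_entry(32767, "deny", False), _entry(32767, "deny", True)]


def _assoc(nacl_id: str, subnet_id: str, n: int) -> dict[str, str]:
    return {"NetworkAclAssociationId": f"aclassoc-{n:04d}", "NetworkAclId": nacl_id, "SubnetId": subnet_id}


# Constructed sample: identifiers are made up to mirror the README's example inputs.
SAMPLE_RESPONSE = {"NetworkAcls": [
    {"NetworkAclId": "acl-0dev0000000000001", "VpcId": "vpc-0123456789abcdef0", "IsDefault": False,
     "Entries": [_entry(100, "allow", False), _entry(100, "allow", True)] + _IMPLICIT_DENY,
     "Associations": [_assoc("acl-0dev0000000000001", "subnet-abc123", 1), _assoc("acl-0dev0000000000001", "subnet-def456", 2)],
     "Tags": [{"Key": "Environment", "Value": "dev"}]},
    {"NetworkAclId": "acl-0prod000000000002", "VpcId": "vpc-0123456789abcdef0", "IsDefault": False,
     "Entries": [_entry(100, "allow", False), _entry(100, "allow", True)] + _IMPLICIT_DENY,
     "Associations": [_assoc("acl-0prod000000000002", "subnet-prod001", 3)],
     "Tags": [{"Key": "Environment", "Value": "prod"}]},
    {"NetworkAclId": "acl-0tight00000000003", "VpcId": "vpc-0123456789abcdef0", "IsDefault": False,
     "Entries": [_entry(100, "allow", False, "6", (443, 443)), _entry(100, "allow", True, "6", (1024, 65535))] + _IMPLICIT_DENY,
     "Associations": [_assoc("acl-0tight00000000003", "subnet-prod002", 4)],
     "Tags": [{"Key": "Environment", "Value": "prod"}]},
]}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live run: python audit_nacl.py vpc-0123456789abcdef0
        import boto3  # only needed for a live run
        response = boto3.client("ec2").describe_network_acls(Filters=[{"Name": "vpc-id", "Values": sys.argv[1:]}])
    else:
        response = SAMPLE_RESPONSE
    print(json.dumps(audit(response, allowed_environments={"dev"}), indent=2))
```

Run with a VPC ID to audit a real account (boto3 credentials as usual), or without arguments to exercise the constructed sample, where only the prod allow-all NACL is reported: the dev one is where the module is meant to be used, and the tight one has no catch-all allow before its final deny.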
Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.