Why are two AWS network ACLs getting created?


Pete Emerson

Jun 15, 2015, 7:40:55 PM
to terrafo...@googlegroups.com
First, terraform is *brilliant*, I'm totally loving it so far. Thank you!

If I create an AWS VPC or an AWS internet gateway, one (and only one) is created.

However, if I create an AWS Network ACL, it looks like a default Network ACL is created and then my additional one that is specified in the terraform file.

Is there a way to manipulate the default Network ACL instead of creating a new one?

My aws_network_acl section looks like this:

resource "aws_network_acl" "default" {
    vpc_id = "${aws_vpc.default.id}"
    tags {
        Name = "dev"
    }
}

The results are that there is an empty network ACL with 0 subnets associated with it, and a network ACL named "dev" with 4 subnets associated with it. I figured it would follow in the footsteps of the internet gateway, where only one gets created:

resource "aws_internet_gateway" "default" {
    vpc_id = "${aws_vpc.default.id}"
    tags {
        Name = "dev"
    }
}

Thanks,
Pete

Jake Gaylor

Mar 30, 2016, 1:38:29 PM
to Terraform
In my attempt to find the answer to this same question, Google brought me here. Paul, did you ever figure this out? Does anyone else know what's going on here?

greg....@reddit.com

May 19, 2016, 2:03:53 AM
to Terraform
I'm running into this as well. If anyone has figured this out since March, I'd love to hear.

Clint Shryock

May 19, 2016, 12:57:59 PM
to terrafo...@googlegroups.com
Hello friends – 

I apologize for the silence here. When you create a new VPC, you get a Default Network ACL created for you; this is just part of creating VPC. If you create a VPC with the raw API call, you will still get a Default Network ACL. You cannot destroy the Default Network ACL. 

In Terraform v0.6.15, we did add a new resource to manage this Default Network ACL:


The results are that there is an empty network ACL with 0 subnets associated with it

In a VPC, all Subnets belong to a Network ACL. If you create a Subnet and do not specify a network acl (say, by creating the subnet via the API), the subnet will belong to the Default Network ACL. If you create a new custom Network ACL and associate subnets with it, but later either remove a subnet from that ACL, or destroy the custom Network ACL itself, the subnet will automatically become associated with the Default Network ACL.

Hope this helps!

Best,
Clint




--
Clint
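An added example, not code from Clint or anyone in this thread, showing how the two behaviours Clint describes fit together: the VPC's Default Network ACL is adopted with the `aws_default_network_acl` resource rather than left unmanaged, and the subnets that actually carry traffic are attached to an explicit custom ACL. The point for a defender is the fallback Clint mentions: a subnet dropped from a custom ACL silently lands on the Default Network ACL, and the default AWS creates allows all traffic in both directions. Managing the default ACL with no `ingress`/`egress` blocks strips every rule, so the only thing left is the implicit deny, and a subnet that falls back gets no connectivity instead of unrestricted connectivity. The example assumes Terraform 0.12+ syntax and a recent `hashicorp/aws` provider (the thread predates both); the region, CIDR ranges and tag values are constructed placeholders.

```hcl
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region; pick your own
}

resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16" # constructed example range
  tags = {
    Name = "dev"
  }
}

resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.default.id
  cidr_block = "10.0.1.0/24" # constructed example range
  tags = {
    Name = "dev-app"
  }
}

# Adopt the Default Network ACL that AWS created alongside the VPC. It cannot
# be destroyed, so this resource takes it under management instead of creating
# a second ACL. With no ingress/egress blocks Terraform removes every rule the
# default ACL shipped with, leaving only the implicit deny-all. subnet_ids is
# deliberately unset: any subnet that falls back here after being detached
# from a custom ACL is then isolated rather than wide open.
resource "aws_default_network_acl" "default" {
  default_network_acl_id = aws_vpc.default.default_network_acl_id
  tags = {
    Name = "dev-default-deny-all"
  }
}

# The custom ACL that the application subnet is explicitly associated with.
# Network ACLs are stateless, so return traffic on ephemeral ports must be
# allowed on the egress side for the inbound HTTPS rule to be usable.
resource "aws_network_acl" "app" {
  vpc_id     = aws_vpc.default.id
  subnet_ids = [aws_subnet.app.id]

  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  egress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  tags = {
    Name = "dev-app"
  }
}
```

After `terraform apply`, the console shows exactly two ACLs for the VPC, both under Terraform's control: the default one with no rules and the custom "dev-app" one with the subnet attached. If `aws_default_network_acl` is later removed from the configuration, the default ACL is only dropped from state; its rules stay as Terraform last set them.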