Port Calculator Module
NOTE:
This module is an intermediate module used by network-acl-inbound and network-acl-outbound modules. This is not intended to be used directly.
This Terraform Module includes port computations that make it easier to implement NACL rules that explicitly omit specific ports. This is useful for adhering to various compliance standards that explicitly deny inclusion of NACL rules that allow unrestricted access to certain ports, regardless of the priority of the rule.
For example, if the input specifies to exclude the ports 22 and 3389, the output will be a list of port ranges that exclude just those ports:
[
[0, 21],
[23, 3388],
[3390, 65535],
]
Sample Usage
- Terraform
- Terragrunt
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S PORT-RANGE-CALCULATOR MODULE
# ------------------------------------------------------------------------------------------------------
module "port_range_calculator" {
source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/port-range-calculator?ref=v0.28.1"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# List of ports to exclude from the range.
exclude_ports = <list(number)>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# The starting range of the port range that is returned.
from_port = 0
# The ending range of the port range that is returned.
to_port = 65535
}
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S PORT-RANGE-CALCULATOR MODULE
# ------------------------------------------------------------------------------------------------------
terraform {
source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/port-range-calculator?ref=v0.28.1"
}
inputs = {
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# List of ports to exclude from the range.
exclude_ports = <list(number)>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# The starting range of the port range that is returned.
from_port = 0
# The ending range of the port range that is returned.
to_port = 65535
}
Reference
- Inputs
- Outputs
Required
exclude_ports
list(number)List of ports to exclude from the range.
Optional
from_port
numberThe starting range of the port range that is returned.
0
to_port
numberThe ending range of the port range that is returned.
65535
List of port ranges that when combined, exclude the ports in the exclude_ports list. This is null if all ports are allowed.
Map of port ranges to the ranges to allow. This is provided as a convenience output for use with resource for_each.