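--- a/<README PATH NOT SHOWN ON PAGE>
+++ b/<README PATH NOT SHOWN ON PAGE>
@@ -64,7 +64,9 @@ No modules.
 | [ aws_nat_gateway.nat_gw] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway ) | resource |
 | [ aws_network_acl.main] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl ) | resource |
 | [ aws_network_acl_rule.block_rdp] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |
+| [ aws_network_acl_rule.block_rdp_egress] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |
 | [ aws_network_acl_rule.block_ssh] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |
+| [ aws_network_acl_rule.block_ssh_egress] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |
 | [ aws_network_acl_rule.https_request_egress_443] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |
 | [ aws_network_acl_rule.https_request_in_ingress_443] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |
 | [ aws_network_acl_rule.https_request_in_ingress_ephemeral] ( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule ) | resource |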
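--- a/<TERRAFORM PATH NOT SHOWN ON PAGE>
+++ b/<TERRAFORM PATH NOT SHOWN ON PAGE>
@@ -31,6 +31,30 @@ resource "aws_network_acl_rule" "block_rdp" {
  to_port = 3389
 }
 
+resource "aws_network_acl_rule" "block_ssh_egress" {
+count = var. block_ssh ? 1 : 0
+network_acl_id = aws_network_acl. main . id
+rule_number = 52
+egress = true
+protocol = " tcp"
+rule_action = " deny"
+cidr_block = " 0.0.0.0/0"
+from_port = 22
+to_port = 22
+}
+
+resource "aws_network_acl_rule" "block_rdp_egress" {
+count = var. block_rdp ? 1 : 0
+network_acl_id = aws_network_acl. main . id
+rule_number = 53
+egress = true
+protocol = " tcp"
+rule_action = " deny"
+cidr_block = " 0.0.0.0/0"
+from_port = 3389
+to_port = 3389
+}
+
 # Allow an HTTPS request out of the VPC
 resource "aws_network_acl_rule" "https_request_egress_443" {
  count = var. allow_https_request_out ? 1 : 0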
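Review bot: The deny rules added at rule_number 52 and 53 only take effect if no egress allow rule with a lower rule_number already matches tcp/22 or tcp/3389 toward 0.0.0.0/0, because a network ACL is evaluated in ascending rule order and the first match wins; the rule numbers of the existing egress allows (for example https_request_egress_443, whose body continues past the end of the hunk) are not visible here, so that ordering should be confirmed before merging. Since the new resources key off the same var.block_ssh and var.block_rdp as the existing ingress rules, enabling those variables now appears to also deny connections initiated from inside the VPC to those ports, which widens what the variables meant before this change and should be reflected in their descriptions and the README. Both denies are IPv4-only; if the VPC carries IPv6, a matching ipv6_cidr_block rule would be needed for the same effect. A header comment on each new resource would make the intent and the ordering constraint explicit, e.g. `# Deny SSH initiated from inside the VPC toward any IPv4 destination; keep rule_number below every egress allow that covers tcp/22`.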