Tags: amazon-web-services, terraform, amazon-vpc

Modify default NACL of pre-existing VPC


I'm trying to modify the default NACL of a pre-existing VPC in AWS.

I'm attempting to adapt/use the syntax from the doc, but I'm not having much success.

The VPC already exists (but was not created in/by Terraform).

I am attempting to reference the VPC ID by using a data resource type rather than the resource type shown in the doc.

My code looks like this:

    data "aws_vpc" "default" {
      id = "vpc-067415793148e22d1"
    }
    
    resource "aws_default_network_acl" "default" {
      # This is the line that fails: the aws_vpc data source has no
      # default_network_acl_id attribute (see the error below).
      default_network_acl_id = data.aws_vpc.default.default_network_acl_id
    
      egress {
        protocol   = "tcp"
        rule_no    = 80
        action     = "deny"
        cidr_block = "0.0.0.0/0"
        from_port  = 22
        to_port    = 22
      }
    
      ingress {
        protocol   = "tcp"
        rule_no    = 90
        action     = "deny"
        cidr_block = "0.0.0.0/0"
        from_port  = 3389
        to_port    = 3389
      }
    }

But Terraform does not like me trying to use a data reference when trying to get the default_network_acl_id value. It outputs:

    ╷
    │ Error: Unsupported attribute
    │ 
    │   on main.tf line 39, in resource "aws_default_network_acl" "default":
    │   39:   default_network_acl_id = data.aws_vpc.default.default_network_acl_id
    │ 
    │ This object has no argument, nested block, or exported attribute named "default_network_acl_id".
    ╵

I'm a little bit stuck on where to go from this. I understand that if I was creating a resource "aws_vpc" "mainvpc" {} I would be able to reference that, but getting the VPC information as data from an existing VPC does not seem to be as straightforward?

Is what I am trying to do possible in this way?

Many thanks.


Solution

  • The aws_vpc data source does not return the default NACL id. The fields of a sample VPC look like this:

    > data.aws_vpc.default
    {
      "arn" = "arn:aws:ec2:eu-central-1:xxxxxxxxxxxx:vpc/vpc-xxxxax4x"
      "cidr_block" = "172.31.0.0/16"
      "cidr_block_associations" = tolist([
        {
          "association_id" = "vpc-cidr-assoc-1a8c4771"
          "cidr_block" = "172.31.0.0/16"
          "state" = "associated"
        },
      ])
      "default" = true
      "dhcp_options_id" = "dopt-85xxxaef"
      "enable_dns_hostnames" = true
      "enable_dns_support" = true
      "enable_network_address_usage_metrics" = false
      "filter" = toset(null) /* of object */
      "id" = "vpc-xxxxx4x"
      "instance_tenancy" = "default"
      "ipv6_association_id" = ""
      "ipv6_cidr_block" = ""
      "main_route_table_id" = "rtb-xx2exx68"
      "owner_id" = "xxxxxxxxxxxx"
      "state" = tostring(null)
      "tags" = tomap({})
      "timeouts" = null /* object */
    }
    

    The only way to get the default NACL id is to use the aws_network_acls data source, filtering on default = true.

    data "aws_vpc" "default" {
      id = "vpc-2951a943"
    }
    
    # Look the default NACL up by VPC id plus the EC2 "default" filter;
    # ids is the list of matching NACL ids.
    data "aws_network_acls" "default" {
      vpc_id = data.aws_vpc.default.id
    
      filter {
        name   = "default"
        values = ["true"]
      }
    }
    
    resource "aws_default_network_acl" "default" {
      default_network_acl_id = data.aws_network_acls.default.ids[0]
    
      egress {
        protocol   = "tcp"
        rule_no    = 80
        action     = "deny"
        cidr_block = "0.0.0.0/0"
        from_port  = 22
        to_port    = 22
      }
    
      ingress {
        protocol   = "tcp"
        rule_no    = 90
        action     = "deny"
        cidr_block = "0.0.0.0/0"
        from_port  = 3389
        to_port    = 3389
      }
    }
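The following is an added, fuller configuration built on the lookup above; it is not part of the original question or answer. It assumes the AWS provider is already configured and that the VPC id and a trusted admin CIDR are supplied as variables (the default CIDR value is a placeholder). Two points matter for a practitioner: adopting the default NACL with aws_default_network_acl removes the rules that were on it, and since every NACL ends with an implicit deny, a configuration containing only deny rules blocks all traffic in the VPC. NACLs are also stateless, so return traffic for outbound connections has to be allowed explicitly on the ephemeral port range. Rules are evaluated in ascending rule_no order and the first match wins, so the denies carry lower numbers than the catch-all allows.

```hcl
# Added example, not code from the original post. Placeholder values are marked.

variable "vpc_id" {
  type        = string
  description = "Id of the pre-existing VPC that was not created by Terraform"
}

variable "trusted_admin_cidr" {
  type        = string
  description = "CIDR allowed to reach SSH; placeholder value, replace with your bastion range"
  default     = "203.0.113.0/24"
}

data "aws_vpc" "target" {
  id = var.vpc_id
}

# aws_vpc exposes no default NACL attribute, so find the ACL via the "default" filter.
data "aws_network_acls" "default" {
  vpc_id = data.aws_vpc.target.id

  filter {
    name   = "default"
    values = ["true"]
  }
}

resource "aws_default_network_acl" "default" {
  # one() fails the plan if the lookup returns zero or several ids,
  # rather than silently taking ids[0] from an unexpected result.
  default_network_acl_id = one(data.aws_network_acls.default.ids)

  # Inbound: first match wins, so the denies sit below the allows.
  ingress {
    protocol   = "tcp"
    rule_no    = 80
    action     = "allow"
    cidr_block = var.trusted_admin_cidr
    from_port  = 22
    to_port    = 22
  }

  ingress {
    protocol   = "tcp"
    rule_no    = 90
    action     = "deny"
    cidr_block = "0.0.0.0/0"
    from_port  = 3389
    to_port    = 3389
  }

  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  # NACLs are stateless: responses to connections the VPC initiates arrive
  # on ephemeral ports and must be allowed inbound explicitly.
  ingress {
    protocol   = "tcp"
    rule_no    = 110
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  # Outbound: block SSH to anywhere (rule 80, as in the question), then allow the rest.
  egress {
    protocol   = "tcp"
    rule_no    = 80
    action     = "deny"
    cidr_block = "0.0.0.0/0"
    from_port  = 22
    to_port    = 22
  }

  egress {
    protocol   = "-1"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  tags = {
    Name = "default-nacl-managed-by-terraform"
  }
}
```

Before applying, check the plan: it should show the default NACL being adopted with exactly the rules above and nothing else. After applying, confirm from the AWS side with `aws ec2 describe-network-acls --filters Name=vpc-id,Values=<vpc-id> Name=default,Values=true` and compare the Entries list against the configuration.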