Supports management of all default networking resources in an AWS region. Use this module to lock down those resource by removing ingress/egress rules for the default network ACL and the ingress/egress rules for the default security group rules. These resources are special so please read the accompanying documentation below.
Resources supported:
- aws_default_network_acl
- aws_default_route_table
- aws_default_security_group
- aws_default_subnet
- aws_default_vpc
- aws_default_vpc_dhcp_options
WARNING: The management of default VPC resources in AWS is meant to close security holes and follow best practices. If you have an architecture that relies on default VPC resources DO NOT use this module until those resources have been moved to non-default resources. Once you apply this module to your architecture it is incredibly hard to undo as simply removing the module will not "reset" any changes made by the module. Please read the linked terraform docs above for more information about managing default resources.
Terraform 0.12. Pin module version to ~> 2.X . Submit pull-requests to master branch.
Terraform 0.12. Pin module version to ~> 1X . Submit pull-requests to terraform012 branch.
Terraform 0.11 was never supported.
# Allows all services to log to bucket
module "default_vpc" {
source = "trussworks/destroy-default-vpc/aws"
region = "us-west-2"
}An example that will apply to all regions in an account:
data "aws_regions" "current" {}
data "aws_availability_zones" "available" {
state = "available"
}
module "default_vpc" {
source = "trussworks/destroy-default-vpc/aws"
for_each = toset(data.aws_regions.current.names)
region = each.value
}| Name | Version |
|---|---|
| terraform | ~> 0.13.0 |
| aws | ~> 3.0 |
| Name | Version |
|---|---|
| aws | ~> 3.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| azs | List of AZs to manage using only the letters, not full AZ name | list |
[ |
no |
| region | AWS Region | string |
"us-west-2" |
no |
| Name | Description |
|---|---|
| network_acl | The Default Network ACL |
| route_table | The Default Route Table |
| security_group | The Default Security Group |
| subnets | The Default Subnets |
| vpc | The Default VPC |
| vpc_dhcp_options | The Default VPC DHCP Options Set |
TBD - No upgrade paths yet
Install dependencies (macOS)
brew install pre-commit terraform terraform-docsmake test