» fastly_service_acl_entries_v1

Defines a set of Fastly ACL entries that can be used to populate a service ACL. This resource will populate an ACL with the entries and will track their state.

If Terraform is being used to populate the initial content of an ACL which you intend to manage via API or UI, then the lifecycle ignore_changes field can be used with the resource. An example of this configuration is provided below.

» Example Usage

Basic usage:

variable "myacl_name" {
  type    = string
  default = "My ACL"
}

resource "fastly_service_v1" "myservice" {
  name = "demofastly"

  domain {
    name    = "demo.notexample.com"
    comment = "demo"
  }

  backend {
    address = "demo.notexample.com.s3-website-us-west-2.amazonaws.com"
    name    = "AWS S3 hosting"
    port    = 80
  }

  acl {
    name = var.myacl_name
  }

  force_destroy = true
}

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[var.myacl_name]
  entry {
    ip      = "127.0.0.1"
    subnet  = "24"
    negated = false
    comment = "ACL Entry 1"
  }
}

Complex object usage:

The following example demonstrates the use of dynamic nested blocks to create ACL entries.

locals {
  acl_name = "my_acl"
  acl_entries = [
    {
      ip      = "1.2.3.4"
      comment = "acl_entry_1"
    },
    {
      ip      = "1.2.3.5"
      comment = "acl_entry_2"
    },
    {
      ip      = "1.2.3.6"
      comment = "acl_entry_3"
    }
  ]
}

resource "fastly_service_v1" "myservice" {
  name = "demofastly"

  domain {
    name    = "demo.notexample.com"
    comment = "demo"
  }

  backend {
    address = "1.2.3.4"
    name    = "localhost"
    port    = 80
  }

  acl {
    name = local.acl_name
  }

  force_destroy = true
}

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[local.acl_name]
  dynamic "entry" {
    for_each = [for e in local.acl_entries : {
      ip      = e.ip
      comment = e.comment
    }]

    content {
      ip      = entry.value.ip
      subnet  = 22
      comment = entry.value.comment
      negated = false
    }
  }
}
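
Because subnet is a mask applied to ip, an entry such as ip = "1.2.3.4" with subnet = 22 describes the prefix 1.2.0.0/22 in CIDR terms, not a single host. The following added example (not part of the provider documentation) shows one way to reject malformed or misaligned entries at plan time. It assumes Terraform 0.14 or later for variable validation and alltrue, reuses fastly_service_v1.myservice and local.acl_name from the example above, and the variable name and sample addresses are constructed.

```hcl
# Added example: variable name and sample values are constructed.
variable "acl_entries" {
  type = list(object({
    ip      = string
    subnet  = number
    comment = string
  }))
  default = [
    { ip = "192.0.2.10", subnet = 32, comment = "single host" },
    { ip = "198.51.100.0", subnet = 24, comment = "whole /24" },
  ]

  # Each ip/subnet pair must parse as a CIDR prefix.
  validation {
    condition = alltrue([
      for e in var.acl_entries : can(cidrhost("${e.ip}/${e.subnet}", 0))
    ])
    error_message = "Every ACL entry needs a valid IP address and subnet length."
  }

  # The ip must be the first address of its own prefix, so an entry such as
  # 1.2.3.4 with subnet 22 (which describes 1.2.0.0/22) is rejected.
  # IPv6 addresses must be written in canonical lowercase form to compare equal.
  validation {
    condition = alltrue([
      for e in var.acl_entries :
      try(cidrhost("${e.ip}/${e.subnet}", 0) == e.ip, false)
    ])
    error_message = "The ip of an entry must be the network address of ip/subnet."
  }
}

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[local.acl_name]

  dynamic "entry" {
    for_each = var.acl_entries
    content {
      ip      = entry.value.ip
      subnet  = entry.value.subnet
      comment = entry.value.comment
      negated = false
    }
  }
}
```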

» Supporting API and UI ACL updates with ignore_changes

The following example demonstrates how the lifecycle ignore_changes field can be used to suppress updates against the entries in an ACL. If, after your first deploy, the Fastly API or UI is to be used to manage entries in an ACL, then this will stop Terraform realigning the remote state with the initial set of ACL entries defined in your HCL.

...

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[var.myacl_name]
  entry {
    ip      = "127.0.0.1"
    subnet  = "24"
    negated = false
    comment = "ACL Entry 1"
  }

  lifecycle {
    ignore_changes = [entry]
  }
}

» Argument Reference

The following arguments are supported:

  • service_id - (Required) The ID of the Service that the ACL belongs to
  • acl_id - (Required) The ID of the ACL that the items belong to
  • entry - (Optional) A set of ACL entries that are applied to the service. Defined below

The entry block supports:

  • ip - (Required, string) An IP address that is the focus for the ACL
  • subnet - (Optional, string) An optional subnet mask applied to the IP address
  • negated - (Optional, boolean) A boolean that will negate the match if true
  • comment - (Optional, string) A personal freeform descriptive note

» Attributes Reference

» Import

This is an example of the import command being applied to the resource named fastly_service_acl_entries_v1.entries. The resource ID is a combined value of the service_id and acl_id separated by a forward slash.

$ terraform import fastly_service_acl_entries_v1.entries xxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx

If Terraform is already managing remote ACL entries against a resource being imported, then the user will be asked to remove it from the existing Terraform state.
The following is an example of the Terraform state command to remove the resource named fastly_service_acl_entries_v1.entries from the Terraform state file.

$ terraform state rm fastly_service_acl_entries_v1.entries