layout | page_title | sidebar_current | description |
---|---|---|---|
fastly | Fastly: service_acl_entries_v1 | docs-fastly-resource-service-acl-entries-v1 | Defines a set of Fastly ACL entries that can be used to populate a service ACL. |
Defines a set of Fastly ACL entries that can be used to populate a service ACL. This resource will populate an ACL with the entries and will track their state.
~> Warning: Terraform will take precedence over any changes you make in the UI or API. Such changes are likely to be reversed if you run Terraform again.
If Terraform is being used to populate the initial content of an ACL which you intend to manage via API or UI, then the lifecycle `ignore_changes` field can be used with the resource. An example of this configuration is provided below.
Basic usage:
```hcl
variable "myacl_name" {
  type    = string
  default = "My ACL"
}

resource "fastly_service_v1" "myservice" {
  name = "demofastly"

  domain {
    name    = "demo.notexample.com"
    comment = "demo"
  }

  backend {
    address = "demo.notexample.com.s3-website-us-west-2.amazonaws.com"
    name    = "AWS S3 hosting"
    port    = 80
  }

  # Declares the (empty) ACL container on the service.
  acl {
    name = var.myacl_name
  }

  force_destroy = true
}

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  # Look up the ACL ID by name from the ACLs declared on the service.
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[var.myacl_name]

  entry {
    ip      = "127.0.0.1"
    subnet  = "24"
    negated = false
    comment = "ACL Entry 1"
  }
}
```
Complex object usage:
The following example demonstrates the use of dynamic nested blocks to create ACL entries.
```hcl
locals {
  acl_name = "my_acl"
  acl_entries = [
    {
      ip      = "1.2.3.4"
      comment = "acl_entry_1"
    },
    {
      ip      = "1.2.3.5"
      comment = "acl_entry_2"
    },
    {
      ip      = "1.2.3.6"
      comment = "acl_entry_3"
    }
  ]
}

resource "fastly_service_v1" "myservice" {
  name = "demofastly"

  domain {
    name    = "demo.notexample.com"
    comment = "demo"
  }

  backend {
    address = "1.2.3.4"
    name    = "localhost"
    port    = 80
  }

  acl {
    name = local.acl_name
  }

  force_destroy = true
}

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[local.acl_name]

  # One entry block is generated per element of local.acl_entries.
  dynamic "entry" {
    for_each = [for e in local.acl_entries : {
      ip      = e.ip
      comment = e.comment
    }]

    content {
      ip      = entry.value.ip
      subnet  = 22
      comment = entry.value.comment
      negated = false
    }
  }
}
```
The following example demonstrates how the lifecycle `ignore_changes` field can be used to suppress updates against the entries in an ACL. If, after your first deploy, the Fastly API or UI is to be used to manage entries in an ACL, then this will stop Terraform realigning the remote state with the initial set of ACL entries defined in your HCL.
```hcl
...

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[var.myacl_name]

  entry {
    ip      = "127.0.0.1"
    subnet  = "24"
    negated = false
    comment = "ACL Entry 1"
  }

  # After the first apply, Terraform no longer reconciles the entries.
  lifecycle {
    ignore_changes = [entry]
  }
}
```
The following arguments are supported:

- `service_id` - (Required) The ID of the Service that the ACL belongs to
- `acl_id` - (Required) The ID of the ACL that the items belong to
- `entry` - (Optional) A set of ACL entries that are applied to the service. Defined below

The `entry` block supports:

- `ip` - (Required, string) An IP address that is the focus for the ACL
- `subnet` - (Optional, string) An optional subnet mask applied to the IP address
- `negated` - (Optional, boolean) A boolean that will negate the match if true
- `comment` - (Optional, string) A personal freeform descriptive note
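
Because the `entry` block takes the address and the mask as separate `ip` and `subnet` strings, allow-lists kept as CIDR strings have to be split before use. The following added example (not part of the provider's documentation) validates a map of CIDRs and derives both fields from it; `allowed_cidrs`, `acl_entries` and the sample ranges are assumptions, while `fastly_service_v1.myservice` and `var.myacl_name` are taken from the basic usage example.

```hcl
# Added example: names and sample values below are assumptions.
variable "allowed_cidrs" {
  type = map(string) # comment => CIDR
  default = {
    office = "192.0.2.0/24"     # constructed sample (documentation range)
    vpn    = "198.51.100.16/28" # constructed sample (documentation range)
  }

  validation {
    # cidrhost() errors on anything that is not a valid CIDR prefix;
    # can() turns that error into false so the plan fails early.
    condition     = alltrue([for c in values(var.allowed_cidrs) : can(cidrhost(c, 0))])
    error_message = "Every value must be a valid CIDR prefix such as 192.0.2.0/24."
  }
}

locals {
  acl_entries = {
    for comment, cidr in var.allowed_cidrs : comment => {
      ip     = cidrhost(cidr, 0)   # network address, host bits cleared
      subnet = split("/", cidr)[1] # prefix length, kept as a string
    }
  }
}

resource "fastly_service_acl_entries_v1" "entries" {
  service_id = fastly_service_v1.myservice.id
  acl_id     = { for d in fastly_service_v1.myservice.acl : d.name => d.acl_id }[var.myacl_name]

  dynamic "entry" {
    for_each = local.acl_entries

    content {
      ip      = entry.value.ip
      subnet  = entry.value.subnet
      comment = entry.key
      negated = false
    }
  }
}
```

A malformed value such as `192.0.2.0/33` is rejected at plan time by the validation block instead of reaching the Fastly API.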
This is an example of the import command being applied to the resource named `fastly_service_acl_entries_v1.entries`. The resource ID is a combined value of the `service_id` and `acl_id` separated by a forward slash.

```
$ terraform import fastly_service_acl_entries_v1.entries xxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx
```

If Terraform is already managing remote ACL entries against a resource being imported, then the user will be asked to remove it from the existing Terraform state.
The following is an example of the Terraform state command to remove the resource named `fastly_service_acl_entries_v1.entries` from the Terraform state file.

```
$ terraform state rm fastly_service_acl_entries_v1.entries
```