Complete the code to create a Network ACL in AWS using Terraform.
resource "aws_network_acl" "example" { vpc_id = "[1]" }
The vpc_id must reference the VPC where the Network ACL will be created. Using a subnet ID or security group ID is incorrect.
Complete the code to add an inbound rule allowing HTTP traffic on port 80.
resource "aws_network_acl_rule" "allow_http_inbound" { network_acl_id = aws_network_acl.example.id rule_number = 100 protocol = "[1]" rule_action = "allow" egress = false cidr_block = "0.0.0.0/0" from_port = 80 to_port = 80 }
HTTP uses TCP protocol on port 80, so the protocol must be set to "tcp".
Fix the error in the rule that blocks all outbound traffic.
resource "aws_network_acl_rule" "deny_all_outbound" { network_acl_id = aws_network_acl.example.id rule_number = 200 protocol = "[1]" rule_action = "deny" egress = true cidr_block = "0.0.0.0/0" from_port = 0 to_port = 0 }
To block all protocols, the protocol must be set to "-1" in AWS Network ACL rules.
Fill both blanks to create a rule allowing inbound SSH traffic from a specific IP.
resource "aws_network_acl_rule" "allow_ssh_inbound" { network_acl_id = aws_network_acl.example.id rule_number = 110 protocol = "[1]" rule_action = "allow" egress = false cidr_block = "[2]" from_port = 22 to_port = 22 }
SSH uses TCP protocol on port 22, and the CIDR block must specify the allowed IP range, here a specific subnet.
Fill all three blanks to create a Network ACL rule that denies outbound ICMP traffic to a specific subnet.
resource "aws_network_acl_rule" "deny_icmp_outbound" { network_acl_id = aws_network_acl.example.id rule_number = 150 protocol = "[1]" rule_action = "[2]" egress = [3] cidr_block = "192.168.1.0/24" from_port = -1 to_port = -1 }
ICMP protocol is specified as "icmp". To block traffic, the action is "deny". Outbound rules have egress set to true.