Merge pull request #881 from cloud-gov/s3asg

Adding new S3 ranges to trusted local asg

terraform/stack/asg.tf

@@ -181,20 +181,16 @@ resource "cloudfoundry_asg" "trusted_local_networks" {
     ports       = "443"
   }
   # S3 Gateway access
-  rule {
-    protocol    = "tcp"
-    description = "Allow access to AWS S3 Gateway"
-    destination = data.terraform_remote_state.iaas.outputs.s3_gateway_endpoint_cidr_1
-    ports       = "443"
-  }
-
-  rule {
+  dynamic "rule" {
+
+    for_each = data.terraform_remote_state.iaas.outputs.s3_gateway_endpoint_cidrs
+    iterator = rule
+
     protocol    = "tcp"
     description = "Allow access to AWS S3 Gateway"
-    destination = data.terraform_remote_state.iaas.outputs.s3_gateway_endpoint_cidr_2
+    destination = rule.value
     ports       = "443"
   }
-
 }
 
 # New trusted networks asg to apply to spaces individually, not globally.
@@ -268,17 +264,14 @@ resource "cloudfoundry_asg" "trusted_local_networks_egress" {
     ports       = "443"
   }
   # S3 Gateway access
-  rule {
-    protocol    = "tcp"
-    description = "Allow access to AWS S3 Gateway"
-    destination = data.terraform_remote_state.iaas.outputs.s3_gateway_endpoint_cidr_1
-    ports       = "443"
-  }
+  dynamic "rule" {
+
+    for_each = data.terraform_remote_state.iaas.outputs.s3_gateway_endpoint_cidrs
+    iterator = rule
 
-  rule {
     protocol    = "tcp"
     description = "Allow access to AWS S3 Gateway"
-    destination = data.terraform_remote_state.iaas.outputs.s3_gateway_endpoint_cidr_2
+    destination = rule.value
     ports       = "443"
   }
 }