The easiest way to implement this access list would be to use Ansible. We have already looked at Ansible in the last two chapters, but it is worth repeating the advantages of using Ansible in this scenario:
- Easier management: For a long access list, we can use the include statement to break it into more manageable pieces. The smaller pieces can then be managed by other teams or service owners.
- Idempotency: We can schedule the playbook at a regular interval and only the necessary changes will be made.
- Each task is explicit: We can separate the construction of the entries from applying the access list to the proper interface.
- Reusability: In the future, if we add additional external-facing ...