terraform-aws-network-firewall's Introduction

AWS Network Firewall Module

AWS Network Firewall module which creates:

  • Stateful firewall rule group with 5-tuple option
  • Stateful firewall rule group with domain option
  • Stateful firewall rule group with Suricata-compatible IPS rules option
  • Stateless firewall rule group
  • Firewall policy with the above rule groups attached
  • Network Firewall

Usage

module "network_firewall" {
  source  = "mattyait/network-firewall/aws"
  version = "0.1.0"

  firewall_name = "example"
  vpc_id        = "vpc-27517c40"

  # Pass individual subnet IDs; each one gets its own firewall endpoint
  subnet_mapping = [
    { subnet_id = "subnet-da6b7ebd" },
    { subnet_id = "subnet-a256d2fa" }
  ]

  # Stateful rule group (5-tuple)
  fivetuple_stateful_rule_group = [
    {
      capacity    = 100
      name        = "stateful"
      description = "Stateful rule example1 with 5 tuple option"
      rule_config = [{
        protocol              = "TCP"
        source_ipaddress      = "1.2.3.4/32"
        source_port           = 443
        destination_ipaddress = "124.1.1.5/32"
        destination_port      = 443
        direction             = "any"
        actions = {
          type = "pass"
        }
      }]
    },
  ]

  # Stateless rule group
  stateless_rule_group = [
    {
      capacity    = 100
      name        = "stateless"
      description = "Stateless rule example1"
      rule_config = [{
        priority              = 1
        protocols_number      = [6] # IP protocol number 6 = TCP
        source_ipaddress      = "1.2.3.4/32"
        source_from_port      = 443
        source_to_port        = 443
        destination_ipaddress = "124.1.1.5/32"
        destination_from_port = 443
        destination_to_port   = 443
        # Of the flags listed in masks, only those in flags may be set
        tcp_flag = {
          flags = ["SYN"]
          masks = ["SYN", "ACK"]
        }
        actions = {
          type = "pass"
        }
      }]
    }
  ]

  tags = {
    Name        = "example"
    Environment = "Test"
    Created_By  = "Terraform"
  }
}
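
The stateless rule in the usage above matches on a single packet at a time, so it is worth checking which packets of a TCP handshake it actually covers. The following is an added example, not part of the module: it models the rule's match criteria in Python using AWS Network Firewall's flags/masks semantics, with a hypothetical `Packet` type and helper names, and constructed sample packets.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Values copied from the stateless rule_config in the Usage block.
RULE = {
    "protocols_number": [6],  # 6 = TCP
    "source_ipaddress": "1.2.3.4/32",
    "source_from_port": 443, "source_to_port": 443,
    "destination_ipaddress": "124.1.1.5/32",
    "destination_from_port": 443, "destination_to_port": 443,
    "tcp_flag": {"flags": ["SYN"], "masks": ["SYN", "ACK"]},
}
ALL_FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"}

@dataclass(frozen=True)
class Packet:  # hypothetical packet model for this example, not an AWS type
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

def tcp_flags_match(pkt_flags, flags, masks):
    # Only flags named in masks are inspected (all flags if masks is empty).
    # Inspected flags listed in `flags` must be set; the others must be clear.
    inspected = set(masks) or ALL_FLAGS
    return (set(pkt_flags) & inspected) == (set(flags) & inspected)

def rule_matches(pkt, rule=RULE):
    tf = rule["tcp_flag"]
    return (
        pkt.proto in rule["protocols_number"]
        and ip_address(pkt.src) in ip_network(rule["source_ipaddress"])
        and rule["source_from_port"] <= pkt.sport <= rule["source_to_port"]
        and ip_address(pkt.dst) in ip_network(rule["destination_ipaddress"])
        and rule["destination_from_port"] <= pkt.dport <= rule["destination_to_port"]
        and tcp_flags_match(pkt.flags, tf["flags"], tf["masks"])
    )

# Constructed packets for one handshake between the two addresses in the rule.
SYN = Packet(6, "1.2.3.4", 443, "124.1.1.5", 443, frozenset({"SYN"}))
SYN_ACK = Packet(6, "124.1.1.5", 443, "1.2.3.4", 443, frozenset({"SYN", "ACK"}))
ACK = Packet(6, "1.2.3.4", 443, "124.1.1.5", 443, frozenset({"ACK"}))
SYN_PSH = Packet(6, "1.2.3.4", 443, "124.1.1.5", 443, frozenset({"SYN", "PSH"}))

if __name__ == "__main__":
    for name, p in [("SYN", SYN), ("SYN-ACK", SYN_ACK), ("ACK", ACK), ("SYN+PSH", SYN_PSH)]:
        print(f"{name:8} matches={rule_matches(p)}")
```

Only the initial SYN (and a SYN carrying flags outside the mask) matches; the returning SYN-ACK and the follow-up ACK do not, so they are handled by whatever other stateless rules or stateless default action the firewall policy defines.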

Inputs

| Name | Description |
|------|-------------|
| firewall_name | Firewall name |
| vpc_id | VPC ID |
| subnet_mapping | Subnet ID mapping; each listed subnet gets its own firewall endpoint |
| domain_stateful_rule_group | Config for domain type stateful rule group |
| fivetuple_stateful_rule_group | Config for 5-tuple type stateful rule group |
| suricata_stateful_rule_group | Config for Suricata type stateful rule group |
| stateless_rule_group | Config for stateless rule group |
| tags | Tags to add to all resources |

Outputs

| Name | Description |
|------|-------------|
| network_firewall_arn_out | Network Firewall ARN from network_firewall module |
| network_firewall_endpoint_id | List of Network Firewall endpoint IDs |
| network_firewall_id_out | Network Firewall ID from network_firewall module |

terraform-aws-network-firewall's People

Contributors

mattyait