- This module for creating AWS Network Firewall by Terraform
- Source: https://github.com/mattyait/terraform-aws-network-firewall
Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional documentation, we greatly value feedback and contributions from our community.
Please read through CONTRIBUTING before submitting any issues or pull requests to ensure we have all the necessary information to effectively respond to your bug report or contribution.
- Configuration link
module "nfw" {
source = "../"
for_each = var.nfw
nfw_name = each.value.nfw_name
vpc_id = each.value.vpc_id
subnet_mapping = each.value.subnet_mapping
logging_config = try(each.value.logging_config, {})
prefix = local.app_env_prefix
# Five Tuple Firewall Rule Group
fivetuple_stateful_rule_group = try(concat(each.value.fivetuple_stateful_rule_group, var.fivetuple_stateful_rule_group), [])
# Stateless Rule Group
stateless_rule_group = try(concat(each.value.stateless_rule_group, var.stateless_rule_group), [])
#Suricate Firewall Rule Group
suricata_stateful_rule_group = try(concat(each.value.suricata_stateful_rule_group, var.suricata_stateful_rule_group), [])
#Domain Firewall Rule Group
domain_stateful_rule_group = try(concat(each.value.domain_stateful_rule_group, var.domain_stateful_rule_group), [])
tags = {
"end_to_end" = "true"
}
}
locals {
app_env_prefix = "${lookup(var.default_tags, "component", "-")}-${lookup(var.default_tags, "env", "-")}"
}| Name | Version |
|---|---|
| aws | ~> 4.31.0 |
| Name | Version |
|---|---|
| aws | ~> 4.31.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.nfw | resource |
| aws_networkfirewall_firewall.this | resource |
| aws_networkfirewall_firewall_policy.this | resource |
| aws_networkfirewall_logging_configuration.this | resource |
| aws_networkfirewall_rule_group.domain_stateful_group | resource |
| aws_networkfirewall_rule_group.fivetuple_stateful_group | resource |
| aws_networkfirewall_rule_group.stateless_group | resource |
| aws_networkfirewall_rule_group.suricata_stateful_group | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| description | n/a | string |
"" |
no |
| domain_stateful_rule_group | Config for domain type stateful rule group | list(any) |
[] |
no |
| firewall_policy_change_protection | (optional) we set false because we apply gitops for this | string |
false |
no |
| fivetuple_stateful_rule_group | Config for 5-tuple type stateful rule group | list(any) |
[] |
no |
| logging_config | (optional) Logging config for network firewall | map(any) |
{} |
no |
| nfw_name | firewall name | string |
"example" |
no |
| prefix | The descriptio for each environment, ie: bin-dev | string |
n/a | yes |
| stateless_default_actions | Default stateless Action | string |
"forward_to_sfe" |
no |
| stateless_fragment_default_actions | Default Stateless action for fragmented packets | string |
"forward_to_sfe" |
no |
| stateless_rule_group | Config for stateless rule group | list(any) |
n/a | yes |
| subnet_change_protection | (optional) we set false because we apply gitops for this | string |
false |
no |
| subnet_mapping | Subnet ids mapping to have individual firewall endpoint | any |
n/a | yes |
| suricata_stateful_rule_group | Config for Suricata type stateful rule group | list(any) |
[] |
no |
| tags | The tags for the resources | map(any) |
{} |
no |
| vpc_id | VPC ID | string |
n/a | yes |
| Name | Description |
|---|---|
| arn | Created Network Firewall ARN from network_firewall module |
| endpoint_id | Created Network Firewall endpoint id |
| id | Created Network Firewall ID from network_firewall module |