Dynamically create an AWS Network Firewall policy and rule group from a source JSON file
{
"default_open": {
"action": "PASS",
"source_ip": "0.0.0.0/0",
"destination_ip": "0.0.0.0/0",
"destination_port": "ANY",
"protocol": "IP"
}
}
# Load the rule definitions from the JSON file shipped with this example.
# Each top-level key (e.g. "default_open") becomes one rule; the keys the
# module reads from each entry are shown in the example JSON above
# (action, source_ip, destination_ip, destination_port, protocol).
#
# NOTE(review): the bundled example_rules.json holds a single PASS rule
# matching 0.0.0.0/0 -> 0.0.0.0/0 on ANY port over IP, i.e. it allows all
# traffic. Replace it with the intended rule set before deploying.
locals {
example_rules = jsondecode(file("./example_rules.json"))
}
# Firewall endpoint that applies the policy produced by the fw-rules module.
resource "aws_networkfirewall_firewall" "example" {
  name   = "example-firewall"
  vpc_id = aws_vpc.example.id

  # Policy ARN is taken from the module's fw_policy_arn output.
  firewall_policy_arn = module.fw-rules.fw_policy_arn

  # Subnet in which the firewall endpoint is placed.
  subnet_mapping {
    subnet_id = aws_subnet.example.id
  }
}
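# Builds the firewall policy and stateful rule group from the decoded JSON
# rules in local.example_rules.
module "fw-rules" {
  # NOTE(review): unpinned git source. Pin to a release tag or commit
  # (append "?ref=<TAG_OR_COMMIT>") so that a later push to the repository
  # cannot silently change the firewall rules that get deployed.
  source = "github.com/dms1981/terraform-dynamic-fw-policy"

  fw_policy_name    = "example-policy"
  fw_rulegroup_name = "example-rulegroup"

  # Must reference the local defined above; the example previously pointed
  # at local.firewall_rules, which is not declared anywhere in this README.
  rules = local.example_rules

  # Listed as a required input with no default in the Inputs table below;
  # supply real metadata tags here or at least an empty map.
  tags = {}
}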
Name | Version |
---|---|
terraform | >= 1.0 |
aws | ~> 4.0 |
Name | Version |
---|---|
aws | ~> 4.0 |
No modules.
Name | Type |
---|---|
aws_networkfirewall_firewall_policy.main | resource |
aws_networkfirewall_rule_group.stateful | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
fw_policy_name | Name given to firewall policy | string | n/a | yes |
fw_policy_rule_order | Ordering mode for firewall policy rule assessment | string | "DEFAULT_ACTION_ORDER" | no |
fw_rulegroup_capacity | How many capacity units should be assigned to this rulegroup? | string | "10000" | no |
fw_rulegroup_name | Name given to firewall rulegroup | string | n/a | yes |
rules | A map of values supplied to create firewall rules | map(any) | n/a | yes |
tags | A map of keys and values used to apply metadata tags | map(any) | n/a | yes |
Name | Description |
---|---|
fw_policy_arn | n/a |