Feature Request: Support Firewall Manager Policies

[bflad]

Amazon has released a new service, Firewall Manager, which provides centralized configuration of WAF rules across accounts and applications. https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-firewall-manager/

Please vote on this issue by adding a 👍 reaction to the original issue to help prioritize interest. If you're interested in implementing this feature request, please comment below.

Prerequisites:

• aws-sdk-go v1.13.28: deps: Bump [email protected] and vendor acmpca, fms, and secretsmanager SDKs #4048
• meta.(*AWSClient).fmsconn: provider: Support acmpca, fms, and secretsmanager connections #4049

Terraform Version

terraform 0.10+

New Resource(s)

• aws_fms_policy

Terraform Configuration Files

# Example implementation, may change when developed
resource "aws_fms_policy" "example" {
  exclude_resource_tags = true        # Required
  name                  = "example"   # Required
  remediation_enabled   = true        # Required
  resource_tags         = ["example"] # Optional
  resource_type         = "AWS::ElasticLoadBalancingV2::LoadBalancer" # Required

  security_service_policy_data { # Required
    managed_service_data = "{}"  # Required
    type                 = "WAF" # Required
  }
}

Expected Behavior

Resource creates, updates, and deletes Firewall Manager policies.

Actual Behavior

New feature.

References

• https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html
• https://docs.aws.amazon.com/sdk-for-go/api/service/fms/#FMS.PutPolicy

[hhh0505]

Any update on this? Would make our life much easier to have this supported

[robh007]

I've been working on this the last week or so. I have something as a WIP I'll try and push up later today. I have a working test, however I may need to consult around set up from Organizations.

[rsclarke-vgw]

@robh007 Is this something you are continuing to work on adding:

• r/aws_fms_policy: Add new resource for AWS Firewall Manager Policy #9594 (comment)
• management of VPC security groups AWS Firewall Manager management of Amazon VPC security groups #10471

[robh007]

@rsclarke-vgw hi, I just needed some time to get back and look at to the original PR. By all means if you want to continue that's ok. If not I can try and put some time in over the next couple of weeks.

[derhally]

Any update? Was about to start using Firewall Manager. This looks very handy.

[rsclarke-vgw]

@derhally Apologies, not from myself. This is something I haven't pursued.

[fabioviana-hotmart]

Any update?

[breathingdust]

Hi all! 👋 Just wanted to direct you to our public roadmap for this quarter (Nov-Jan) in which this item has been mentioned.

Due to the significant community interest in support for this feature, we will be looking at merging existing contributions soon.

We appreciate all the contributions and feedback thus far.

Look out for support in the provider soon!

[robh007]

Hi, @breathingdust. Should I look too tidy up my original PR? Or shall I leave it as is?

[breathingdust]

Hi @robh007, if you are able to that would be great. If things stay on track you should hear from an engineer towards the end of November.

[bee-keeper]

Any updates on this?

[ghost]

This has been released in version 3.24.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!