tedilabs / terraform-aws-firewall

🌳 A sustainable Terraform Package which creates resources for Firewall Services on AWS

Home Page: https://registry.terraform.io/modules/tedilabs/firewall/aws

terraform-aws-firewall


Terraform module which creates firewall related resources on AWS.

Target AWS Services

The Terraform modules in this package manage the following AWS services.

  • AWS FMS (Firewall Manager)
    • DNS Firewall Security Policy
  • AWS Route53 DNS Firewall
    • Firewall
    • Firewall Rule Group
    • Firewall Domain List
  • AWS VPC Network Firewall
    • Firewall
  • AWS WAF (Web Application Firewall)
    • IP Set

Usage

Route53 DNS Firewall

```hcl
data "aws_vpc" "default" {
  default = true
}


###################################################
# DNS Firewall Domain List
###################################################

module "domain_list" {
  source  = "tedilabs/firewall/aws//modules/dns-firewall-domain-list"
  version = "~> 0.1.0"

  name = "example"
  domains = [
    "example1.mycompany.com.",
    "example2.mycompany.com.",
    "example3.mycompany.com.",
  ]

  tags = {
    "project" = "terraform-aws-firewall-examples"
  }
}


###################################################
# DNS Firewall Rule Group
###################################################

module "rule_group" {
  source  = "tedilabs/firewall/aws//modules/dns-firewall-rule-group"
  version = "~> 0.1.0"

  name = "block-blacklist"
  rules = [
    {
      priority    = 10
      name        = "block-example"
      domain_list = module.domain_list.id
      action      = "BLOCK"
      action_parameters = {
        # Instead of NXDOMAIN/NODATA, answer blocked queries with a CNAME to a sinkhole name
        response = "OVERRIDE"
        override = {
          type  = "CNAME"
          value = "404.mycompany.com."
          ttl   = 60
        }
      }
    },
  ]

  tags = {
    "project" = "terraform-aws-firewall-examples"
  }
}


###################################################
# DNS Firewall
###################################################

module "firewall" {
  source  = "tedilabs/firewall/aws//modules/dns-firewall"
  version = "~> 0.1.0"

  vpc_id            = data.aws_vpc.default.id
  # Fail open: queries the firewall cannot evaluate are still answered.
  # Set to false to fail closed and reject queries that could not be inspected.
  fail_open_enabled = true

  rule_groups = [
    {
      # Rule groups with a lower priority number are evaluated first
      priority = 200
      id       = module.rule_group.id
    },
  ]

  tags = {
    "project" = "terraform-aws-firewall-examples"
  }
}
```
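To make the evaluation order of the configuration above concrete, here is an added Python model of how Route53 DNS Firewall applies a policy (example code written for this README, not part of the module): rule groups and rules are tried from the lowest priority number upward, the first matching rule decides, and an unmatched query is allowed. The `POLICY` data is constructed to mirror the README example; the stop-at-first-match behaviour and the `*.` wildcard semantics are stated assumptions.

```python
"""Offline model of how Route53 DNS Firewall evaluates a VPC's policy:
rule groups and rules are tried from the lowest priority number upward,
the first rule whose domain list matches decides, and a query matching
no rule is allowed (the DNS Firewall default)."""
from dataclasses import dataclass
from typing import Optional

def _norm(name: str) -> str:
    """Case-insensitive compare; the trailing dot (FQDN form) is ignored."""
    return name.lower().rstrip(".")

def domain_matches(entry: str, query: str) -> bool:
    """A plain entry matches only that exact name; a '*.' entry matches any
    subdomain of it but not the apex itself (assumed wildcard semantics)."""
    entry, query = _norm(entry), _norm(query)
    if entry.startswith("*."):
        return query.endswith("." + entry[2:])
    return query == entry

@dataclass
class Rule:
    priority: int
    name: str
    domains: list                    # the rule's domain list entries
    action: str                      # ALLOW, ALERT or BLOCK
    override: Optional[dict] = None  # BLOCK + OVERRIDE: the synthetic answer

@dataclass
class RuleGroup:
    priority: int
    rules: list

def evaluate(groups: list, query: str) -> dict:
    """Verdict for one query: lowest priority first, first match wins."""
    for group in sorted(groups, key=lambda g: g.priority):
        for rule in sorted(group.rules, key=lambda r: r.priority):
            if any(domain_matches(d, query) for d in rule.domains):
                return {"action": rule.action, "rule": rule.name, "override": rule.override}
    return {"action": "ALLOW", "rule": None, "override": None}

# Constructed policy mirroring the README: group priority 200 holding one BLOCK
# rule that answers with a CNAME to 404.mycompany.com instead of NXDOMAIN.
POLICY = [RuleGroup(200, [Rule(
    10, "block-example",
    ["example1.mycompany.com.", "example2.mycompany.com.", "example3.mycompany.com."],
    "BLOCK", {"type": "CNAME", "value": "404.mycompany.com.", "ttl": 60},
)])]
```

Note that the listed domains match exactly, so `www.example1.mycompany.com` is not blocked unless the domain list also carries a `*.example1.mycompany.com.` entry.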

Examples

Route53 DNS Firewall

Self Promotion

Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.

License

Provided under the terms of the Apache License.

Copyright © 2022-2023, Byungjin Park.
