{"id":18898767,"url":"https://github.com/tedilabs/terraform-aws-firewall","last_synced_at":"2026-01-21T18:08:41.925Z","repository":{"id":39168212,"uuid":"493751146","full_name":"tedilabs/terraform-aws-firewall","owner":"tedilabs","description":"🌳 A sustainable Terraform Package which creates resources for Firewall Services on AWS","archived":false,"fork":false,"pushed_at":"2025-03-20T18:08:18.000Z","size":95,"stargazers_count":9,"open_issues_count":6,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T15:47:27.111Z","etag":null,"topics":["aws","aws-firewall","aws-waf","devops","hacktoberfest","hcl2","iac","lang-hcl","sre","tedilabs","terraform","terraform-aws","terraform-module","terraform-modules"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/tedilabs/firewall/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tedilabs.png","metadata":{"funding":{"github":"tedilabs","patreon":"posquit0","ko_fi":"posquit0","custom":"https://www.paypal.me/posquit0"},"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-18T16:56:53.000Z","updated_at":"2025-03-20T18:08:22.000Z","dependencies_parsed_at":"2023-10-02T18:52:50.174Z","dependency_job_id":"8441e738-c5ff-4e4e-aab8-ece4a4c278bf","html_url":"https://github.com/tedilabs/terraform-aws-firewall","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tedilabs%2Fterraform-aws-firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tedilabs","download_url":"https://codeload.github.com/tedilabs/terraform-aws-firewall/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248994465,"owners_count":21195389,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-firewall","aws-waf","devops","hacktoberfest","hcl2","iac","lang-hcl","sre","tedilabs","terraform","terraform-aws","terraform-module","terraform-modules"],"created_at":"2024-11-08T08:44:06.353Z","updated_at":"2026-01-21T18:08:41.892Z","avatar_url":"https://github.com/tedilabs.png","language":"HCL","funding_links":["https://github.com/sponsors/tedilabs","https://patreon.com/posquit0","https://ko-fi.com/posquit0","https://www.paypal.me/posquit0"],"categories":[],"sub_categories":[],"readme":"# terraform-aws-firewall\n\n![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/tedilabs/terraform-aws-firewall?color=blue\u0026sort=semver\u0026style=flat-square)\n![GitHub](https://img.shields.io/github/license/tedilabs/terraform-aws-firewall?color=blue\u0026style=flat-square)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\u0026style=flat-square)](https://github.com/pre-commit/pre-commit)\n\nTerraform module which creates firewall related resources on AWS.\n\n- [dns-firewall](./modules/dns-firewall)\n- [dns-firewall-domain-list](./modules/dns-firewall-domain-list)\n- [dns-firewall-rule-group](./modules/dns-firewall-rule-group)\n- [fms-dns-firewall-policy](./modules/fms-dns-firewall-policy)\n- [network-firewall](./modules/network-firewall)\n- [waf-ip-set](./modules/waf-ip-set)\n- [waf-regex-pattern-set](./modules/waf-regex-pattern-set)\n- [waf-web-acl](./modules/waf-web-acl)\n\n\n## Target AWS Services\n\nTerraform Modules from [this package](https://github.com/tedilabs/terraform-aws-firewall) were written to manage the following AWS Services with Terraform.\n\n- **AWS FMS (Firewall Manager)**\n  - DNS Firewall Security Policy\n- **AWS Route53 DNS Firewall**\n  - Firewall\n  - Firewall Rule Group\n  - Firewall Domain List\n- **AWS VPC Network Firewall**\n  - Firewall\n- **AWS WAF (Web Application Firewall)**\n  - IP Set\n  - REGEX Pattern Set\n  - Web ACL\n\n\n## Usage\n\n### Route53 DNS Firewall\n\n```tf\ndata \"aws_vpc\" \"default\" {\n  default = true\n}\n\n\n###################################################\n# DNS Firewall Domain List\n###################################################\n\nmodule \"domain_list\" {\n  source  = \"tedilabs/firewall/aws//modules/dns-firewall-domain-list\"\n  version = \"~\u003e 0.1.0\"\n\n  name = \"example\"\n  domains = [\n    \"example1.mycompany.com.\",\n    \"example2.mycompany.com.\",\n    \"example3.mycompany.com.\",\n  ]\n\n  tags = {\n    \"project\" = \"terraform-aws-firewall-examples\"\n  }\n}\n\n\n###################################################\n# DNS Firewall Rule Group\n###################################################\n\nmodule \"rule_group\" {\n  source  = \"tedilabs/firewall/aws//modules/dns-firewall-rule-group\"\n  version = \"~\u003e 0.1.0\"\n\n  name = \"block-blacklist\"\n  rules = [\n    {\n      priority    = 10\n      name        = \"block-example\"\n      domain_list = module.domain_list.id\n      action      = \"BLOCK\"\n      action_parameters = {\n        response = \"OVERRIDE\"\n        override = {\n          type  = \"CNAME\"\n          value = \"404.mycompany.com.\"\n          ttl   = 60\n        }\n      }\n    },\n  ]\n\n  tags = {\n    \"project\" = \"terraform-aws-firewall-examples\"\n  }\n}\n\n\n###################################################\n# DNS Firewall\n###################################################\n\nmodule \"firewall\" {\n  source  = \"tedilabs/firewall/aws//modules/dns-firewall\"\n  version = \"~\u003e 0.1.0\"\n\n  vpc_id            = data.aws_vpc.default.id\n  fail_open_enabled = true\n\n  rule_groups = [\n    {\n      priority = 200\n      id       = module.rule_group.id\n    },\n  ]\n\n  tags = {\n    \"project\" = \"terraform-aws-firewall-examples\"\n  }\n}\n\n```\n\n\n## Examples\n\n### Route53 DNS Firewall\n\n- [Route53 DNS Firewall Full Version](./examples/dns-firewall-full)\n\n\n## Self Promotion\n\nLike this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-firewall). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub.\n\n\n## License\n\nProvided under the terms of the [Apache License](LICENSE).\n\nCopyright © 2022-2025, [Byungjin Park](https://www.posquit0.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftedilabs%2Fterraform-aws-firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftedilabs%2Fterraform-aws-firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftedilabs%2Fterraform-aws-firewall/lists"}