https://github.com/cloudnationhq/terraform-azure-fwp
Terraform module which creates firewall policy resources used by workloads and accelerators.
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/cloudnationhq/terraform-azure-fwp
- Owner: CloudNationHQ
- License: mit
- Created: 2024-09-09T14:43:06.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-07-07T08:40:38.000Z (6 months ago)
- Last Synced: 2025-07-07T09:40:44.442Z (6 months ago)
- Topics: azure, terraform, wam
- Language: HCL
- Homepage: https://registry.terraform.io/modules/CloudNationHQ/fwp/azure/latest
- Size: 109 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# Firewall Policy
This Terraform module streamlines Azure Firewall policy management with customizable rule collection groups, rule collections, rules and IP groups for scalable, secure network policies.
## Features
- Streamlined support for creating and managing firewall policies
- Support for multiple rule collection groups, rule collections and rules
- Optional IP group integration in rule collection groups
- Terratest-based validation of the module
## Requirements
The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (~> 1.0)
- [azurerm](#requirement\_azurerm) (~> 4.0)
## Providers
The following providers are used by this module:
- [azurerm](#provider\_azurerm) (~> 4.0)
## Resources
The following resources are used by this module:
- [azurerm_firewall_policy.policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy) (resource)
- [azurerm_role_assignment.role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
## Required Inputs
The following input variables are required:
Description: Contains all firewall policy configuration
Type:
```hcl
object({
  name                              = string
  resource_group_name               = optional(string, null)
  location                          = optional(string, null)
  private_ip_ranges                 = optional(list(string), null)
  sku                               = optional(string, "Standard")
  sql_redirect_allowed              = optional(bool, null)
  threat_intelligence_mode          = optional(string, "Alert")
  base_policy_id                    = optional(string, null)
  auto_learn_private_ranges_enabled = optional(bool, null)
  tags                              = optional(map(string))
  key_vault_id                      = optional(string, null)
  principal_id                      = optional(string, null)
  dns = optional(object({
    proxy_enabled = optional(bool, false)
    servers       = optional(list(string), [])
  }), null)
  intrusion_detection = optional(object({
    mode           = optional(string, null)
    private_ranges = optional(list(string), null)
    traffic_bypass = optional(map(object({
      protocol              = string
      description           = optional(string, null)
      destination_addresses = optional(list(string), [])
      destination_ip_groups = optional(list(string), [])
      destination_ports     = optional(list(string), [])
      source_addresses      = optional(list(string), [])
      source_ip_groups      = optional(list(string), [])
    })), {})
    signature_overrides = optional(map(object({
      id    = optional(string, null)
      state = optional(string, null)
    })), {})
  }), null)
  identity = optional(object({
    type         = string
    identity_ids = list(string)
  }), null)
  tls_certificate = optional(object({
    key_vault_secret_id = string
    name                = string
  }), null)
  explicit_proxy = optional(object({
    enabled         = optional(bool, null)
    http_port       = optional(number, null)
    https_port      = optional(number, null)
    enable_pac_file = optional(bool, null)
    pac_file        = optional(string, null)
    pac_file_port   = optional(number, null)
  }), null)
  threat_intelligence_allowlist = optional(object({
    fqdns        = optional(list(string), null)
    ip_addresses = optional(list(string), null)
  }), null)
  insights = optional(object({
    enabled                            = bool
    default_log_analytics_workspace_id = string
    retention_in_days                  = optional(number, null)
    log_analytics_workspace = optional(map(object({
      id                = string
      firewall_location = string
    })), {})
  }), null)
})
```
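The schema above defaults `threat_intelligence_mode` to `"Alert"` and leaves IDPS, DNS proxy and TLS inspection off, so a policy created with only `name` set logs threat-intelligence hits without blocking them. The following module call is an added example, not taken from the module's examples directory, showing the settings a hardened policy would turn on and why. It assumes the module's single required object variable is named `instance` (the captured README lost that heading), that the resource group, DNS server, user-assigned identity, Key Vault secret and Log Analytics workspace it references already exist, and that `key_vault_id` and `principal_id` are what drive the module's `azurerm_role_assignment.role` (an inference from the resource list, not something the README states).

```hcl
# Added example, not the module's own code. Assumptions: the required
# object variable is named "instance"; all referenced Azure resources
# (resource group, DNS server, identity, Key Vault secret, workspace)
# already exist; the IDs below are placeholders.
module "firewall_policy" {
  source = "cloudnationhq/fwp/azure"
  # pin `version` to a release you have reviewed

  instance = {
    name                = "fwp-prd-weu-001"
    resource_group_name = "rg-network-prd-weu"
    location            = "westeurope"

    # Azure Firewall Premium is required for intrusion_detection and
    # tls_certificate below; the module defaults sku to "Standard".
    sku = "Premium"

    # Default "Alert" only logs matches against Microsoft's threat
    # intelligence feed; "Deny" drops that traffic. Keep the allowlist
    # to reviewed exceptions.
    threat_intelligence_mode = "Deny"
    threat_intelligence_allowlist = {
      fqdns        = ["updates.example.com"]
      ip_addresses = []
    }

    # FQDN-based network rules need the firewall to resolve names itself
    # (DNS proxy) rather than trusting what clients resolved.
    dns = {
      proxy_enabled = true
      servers       = ["10.10.0.4"]
    }

    # IDPS: "Alert" logs, "Deny" blocks. Bypasses are scoped by protocol,
    # source, destination and port, never a blanket exemption.
    intrusion_detection = {
      mode           = "Deny"
      private_ranges = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
      traffic_bypass = {
        backup_agent = {
          protocol              = "TCP"
          description           = "backup agent stream that trips a noisy signature"
          source_addresses      = ["10.20.0.0/24"]
          destination_addresses = ["10.30.0.10"]
          destination_ports     = ["10000"]
        }
      }
    }

    # TLS inspection: the policy's user-assigned identity reads the CA
    # certificate secret from Key Vault. key_vault_id/principal_id are
    # presumably what the module's azurerm_role_assignment uses to grant
    # that read access (inference; verify against the module source).
    identity = {
      type         = "UserAssigned"
      identity_ids = ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-network-prd-weu/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-fwp-prd-weu"]
    }
    tls_certificate = {
      key_vault_secret_id = "https://kv-fwp-prd-weu.vault.azure.net/secrets/fwp-ca-cert"
      name                = "fwp-ca-cert"
    }
    key_vault_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-network-prd-weu/providers/Microsoft.KeyVault/vaults/kv-fwp-prd-weu"
    principal_id = "11111111-1111-1111-1111-111111111111" # object id of id-fwp-prd-weu

    # Ship firewall logs to Log Analytics so Deny/Alert decisions are
    # actually reviewable; without this the hardened modes above are blind.
    insights = {
      enabled                            = true
      default_log_analytics_workspace_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monitoring-prd-weu/providers/Microsoft.OperationalInsights/workspaces/law-prd-weu"
      retention_in_days                  = 90
    }

    tags = {
      environment = "prd"
    }
  }
}
```

Before applying, confirm the variable name against the module's `variables.tf`, and check `terraform plan` shows `threat_intel_mode = "Deny"` and an `intrusion_detection` block with `mode = "Deny"` on the `azurerm_firewall_policy.policy` resource rather than the Alert-only defaults.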
## Optional Inputs
The following input variables are optional (have default values):
### [location](#input\_location)
Description: default azure region to be used.
Type: `string`
Default: `null`
### [resource\_group\_name](#input\_resource\_group\_name)
Description: default resource group to be used.
Type: `string`
Default: `null`
### [tags](#input\_tags)
Description: tags to be added to the resources
Type: `map(string)`
Default: `{}`
## Outputs
The following outputs are exported:
Description: Contains all firewall policy configuration
## Goals
For more information, please see our [goals and non-goals](./GOALS.md).
## Testing
For more information, please see our testing [guidelines](./TESTING.md).
## Notes
A dedicated naming module applies a per-resource-type naming convention based on regular expressions, ensuring correct abbreviations while allowing multiple prefixes and suffixes.
Full examples detailing all usages, along with integrations with dependency modules, are located in the examples directory.
To update the module's documentation, run `make doc`.
## Contributors
We welcome contributions from the community! Whether it's reporting a bug, suggesting a new feature, or submitting a pull request, your input is highly valued.
For more information, please see our contribution [guidelines](./CONTRIBUTING.md).
## License
MIT Licensed. See [LICENSE](./LICENSE) for full details.
## References
- [Documentation](https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets)
- [REST API](https://learn.microsoft.com/en-us/rest/api/virtualnetwork/firewall-policies)