Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tedilabs/terraform-aws-firewall
🌳 A sustainable Terraform Package which creates resources for Firewall Services on AWS
https://github.com/tedilabs/terraform-aws-firewall
aws aws-firewall aws-waf devops hacktoberfest hcl2 iac lang-hcl sre tedilabs terraform terraform-aws terraform-module terraform-modules
Last synced: about 3 hours ago
JSON representation
🌳 A sustainable Terraform Package which creates resources for Firewall Services on AWS
- Host: GitHub
- URL: https://github.com/tedilabs/terraform-aws-firewall
- Owner: tedilabs
- License: apache-2.0
- Created: 2022-05-18T16:56:53.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-28T05:43:52.000Z (4 months ago)
- Last Synced: 2024-06-28T06:46:13.130Z (4 months ago)
- Topics: aws, aws-firewall, aws-waf, devops, hacktoberfest, hcl2, iac, lang-hcl, sre, tedilabs, terraform, terraform-aws, terraform-module, terraform-modules
- Language: HCL
- Homepage: https://registry.terraform.io/modules/tedilabs/firewall/aws
- Size: 84 KB
- Stars: 9
- Watchers: 1
- Forks: 2
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# terraform-aws-firewall
[](https://github.com/pre-commit/pre-commit)
Terraform module which creates firewall related resources on AWS.
- [dns-firewall](./modules/dns-firewall)
- [dns-firewall-domain-list](./modules/dns-firewall-domain-list)
- [dns-firewall-rule-group](./modules/dns-firewall-rule-group)
- [fms-dns-firewall-policy](./modules/fms-dns-firewall-policy)
- [network-firewall](./modules/network-firewall)
- [waf-ip-set](./modules/waf-ip-set)
## Target AWS Services
Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-firewall) were written to manage the following AWS Services with Terraform.
- **AWS FMS (Firewall Manager)**
- DNS Firewall Security Policy
- **AWS Route53 DNS Firewall**
- Firewall
- Firewall Rule Group
- Firewall Domain List
- **AWS VPC Network Firewall**
- Firewall
- **AWS WAF (Web Application Firewall)**
- IP Set
## Usage
### Route53 DNS Firewall
```tf
data "aws_vpc" "default" {
default = true
}
###################################################
# DNS Firewall Domain List
###################################################
module "domain_list" {
source = "tedilabs/firewall/aws//modules/dns-firewall-domain-list"
version = "~> 0.1.0"
name = "example"
domains = [
"example1.mycompany.com.",
"example2.mycompany.com.",
"example3.mycompany.com.",
]
tags = {
"project" = "terraform-aws-firewall-examples"
}
}
###################################################
# DNS Firewall Rule Group
###################################################
module "rule_group" {
source = "tedilabs/firewall/aws//modules/dns-firewall-rule-group"
version = "~> 0.1.0"
name = "block-blacklist"
rules = [
{
priority = 10
name = "block-example"
domain_list = module.domain_list.id
action = "BLOCK"
action_parameters = {
response = "OVERRIDE"
override = {
type = "CNAME"
value = "404.mycompany.com."
ttl = 60
}
}
},
]
tags = {
"project" = "terraform-aws-firewall-examples"
}
}
###################################################
# DNS Firewall
###################################################
module "firewall" {
source = "tedilabs/firewall/aws//modules/dns-firewall"
version = "~> 0.1.0"
vpc_id = data.aws_vpc.default.id
fail_open_enabled = true
rule_groups = [
{
priority = 200
id = module.rule_group.id
},
]
tags = {
"project" = "terraform-aws-firewall-examples"
}
}
```
## Examples
### Route53 DNS Firewall
- [Route53 DNS Firewall Full Version](./examples/dns-firewall-full)
## Self Promotion
Like this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-firewall). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub.
## License
Provided under the terms of the [Apache License](LICENSE).
Copyright © 2022-2023, [Byungjin Park](https://www.posquit0.com).