Terraform module which creates firewall related resources on AWS.
- dns-firewall
- dns-firewall-domain-list
- dns-firewall-rule-group
- fms-dns-firewall-policy
- network-firewall
- waf-ip-set
Terraform Modules from this package were written to manage the following AWS Services with Terraform.
- AWS FMS (Firewall Manager)
- DNS Firewall Security Policy
- AWS Route53 DNS Firewall
- Firewall
- Firewall Rule Group
- Firewall Domain List
- AWS VPC Network Firewall
- Firewall
- AWS WAF (Web Application Firewall)
- IP Set
data "aws_vpc" "default" {
default = true
}
###################################################
# DNS Firewall Domain List
###################################################
module "domain_list" {
source = "tedilabs/firewall/aws//modules/dns-firewall-domain-list"
version = "~> 0.1.0"
name = "example"
domains = [
"example1.mycompany.com.",
"example2.mycompany.com.",
"example3.mycompany.com.",
]
tags = {
"project" = "terraform-aws-firewall-examples"
}
}
###################################################
# DNS Firewall Rule Group
###################################################
module "rule_group" {
source = "tedilabs/firewall/aws//modules/dns-firewall-rule-group"
version = "~> 0.1.0"
name = "block-blacklist"
rules = [
{
priority = 10
name = "block-example"
domain_list = module.domain_list.id
action = "BLOCK"
action_parameters = {
response = "OVERRIDE"
override = {
type = "CNAME"
value = "404.mycompany.com."
ttl = 60
}
}
},
]
tags = {
"project" = "terraform-aws-firewall-examples"
}
}
###################################################
# DNS Firewall
###################################################
module "firewall" {
source = "tedilabs/firewall/aws//modules/dns-firewall"
version = "~> 0.1.0"
vpc_id = data.aws_vpc.default.id
fail_open_enabled = true
rule_groups = [
{
priority = 200
id = module.rule_group.id
},
]
tags = {
"project" = "terraform-aws-firewall-examples"
}
}
Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.
Provided under the terms of the Apache License.
Copyright © 2022-2023, Byungjin Park.