
terraform-aws-firewall


Terraform module that creates firewall-related resources on AWS.

Target AWS Services

The modules in this package manage the following AWS services:

  • AWS FMS (Firewall Manager)
    • DNS Firewall Security Policy
  • AWS Route53 DNS Firewall
    • Firewall
    • Firewall Rule Group
    • Firewall Domain List
  • AWS VPC Network Firewall
    • Firewall
  • AWS WAF (Web Application Firewall)
    • IP Set

Usage

Route53 DNS Firewall

# Look up the account's default VPC so the example firewall has something to
# attach to. This is for demonstration only: the default VPC is shared by
# anything launched without an explicit network, so a real deployment should
# reference a VPC it manages. Note that the firewall module below takes a
# single vpc_id, so every VPC that should be protected needs its own instance.
data "aws_vpc" "default" {
  default = true
}


###################################################
# DNS Firewall Domain List
###################################################

# The deny list: every name here is what the BLOCK rule in the rule group
# below acts on. Entries are fully qualified (trailing dot).
# "~> 0.1.0" floats across 0.1.x releases; pin an exact version if you need
# reproducible plans from the registry.
module "domain_list" {
  source  = "tedilabs/firewall/aws//modules/dns-firewall-domain-list"
  version = "~> 0.1.0"

  name    = "example"
  domains = ["example1.mycompany.com.", "example2.mycompany.com.", "example3.mycompany.com."]

  tags = {
    project = "terraform-aws-firewall-examples"
  }
}


###################################################
# DNS Firewall Rule Group
###################################################

# A single BLOCK rule that sinkholes every name in the domain list by
# answering with a CNAME instead of a plain NXDOMAIN/NODATA, so blocked
# lookups can be observed at the sinkhole host.
module "rule_group" {
  source  = "tedilabs/firewall/aws//modules/dns-firewall-rule-group"
  version = "~> 0.1.0"

  name = "block-blacklist"

  rules = [{
    name        = "block-example"
    priority    = 10 # rules in a group are evaluated from lowest to highest priority
    domain_list = module.domain_list.id
    action      = "BLOCK"

    # The override record is handed to the client in place of the real
    # answer. The sinkhole name must sit in a zone you control: if it is
    # unregistered, whoever registers it receives traffic from every blocked
    # client. A short TTL keeps a later policy change from being cached long.
    action_parameters = {
      response = "OVERRIDE"
      override = {
        type  = "CNAME"
        value = "404.mycompany.com."
        ttl   = 60
      }
    }
  }]

  tags = {
    project = "terraform-aws-firewall-examples"
  }
}


###################################################
# DNS Firewall
###################################################

# Bind the rule group to one VPC. The module takes a single vpc_id, so each
# VPC that should be covered needs its own instance of this module.
module "firewall" {
  source  = "tedilabs/firewall/aws//modules/dns-firewall"
  version = "~> 0.1.0"

  vpc_id = data.aws_vpc.default.id

  # Fail-open trades enforcement for availability: when the firewall cannot
  # evaluate a query (presumably the Route 53 Resolver fail-open setting —
  # confirm in the module), the query is answered instead of dropped. Set this
  # to false where a missed block is worse than a DNS outage.
  fail_open_enabled = true

  # Rule groups are processed from lowest to highest priority; 200 leaves room
  # for higher-precedence allow lists (lower numbers) ahead of this deny list.
  rule_groups = [{
    id       = module.rule_group.id
    priority = 200
  }]

  tags = {
    project = "terraform-aws-firewall-examples"
  }
}

Examples

Route53 DNS Firewall

Self Promotion

Like this project? Follow the repository on GitHub. And if you're feeling especially charitable, follow posquit0 on GitHub.

License

Provided under the terms of the Apache License.

Copyright © 2022-2023, Byungjin Park.