README.md

terraform-dynamic-fw-policy

Dynamically create an AWS Network Firewall policy & rule group from a source json file

Example source json

{
  "default_open": {
    "action": "PASS",
    "source_ip": "0.0.0.0/0",
    "destination_ip": "0.0.0.0/0",
    "destination_port": "ANY",
    "protocol": "IP"
  }
}

Example terraform

locals {
  example_rules = jsondecode(file("./example_rules.json"))
}

resource "aws_networkfirewall_firewall" "example" {
  name                = "example-firewall"
  firewall_policy_arn = module.fw-rules.fw_policy_arn
  vpc_id              = aws_vpc.example.id
  subnet_mapping {
    subnet_id = aws_subnet.example.id
  }
}

module "fw-rules" {
  source = "github.com/dms1981/terraform-dynamic-fw-policy"
  fw_policy_name    = "example-policy"
  fw_rulegroup_name = "example-rulegroup"
  rules             = local.firewall_rules
}

Requirements

Name	Version
terraform	>= 1.0
aws	~> 4.0

Providers

Name	Version
aws	~> 4.0

Modules

No modules.

Resources

Name	Type
aws_networkfirewall_firewall_policy.main	resource
aws_networkfirewall_rule_group.stateful	resource

Inputs

Name	Description	Type	Default	Required
fw_policy_name	Name given to firewall policy	string	n/a	yes
fw_policy_rule_order	Ordering mode for firewall policy rule assessment	string	"DEFAULT_ACTION_ORDER"	no
fw_rulegroup_capacity	How many capacity units should be assigned to this rulegroup?	string	"10000"	no
fw_rulegroup_name	Name given to firewall rulegroup	string	n/a	yes
rules	A map of values supplied to create firewall rules	map(any)	n/a	yes
tags	A map of keys and values used to apply metadata tags	map(any)	n/a	yes

Outputs

Name	Description
fw_policy_arn	n/a