From e40f69bf8b64e9d5ece1ce97853c6467d2ff066f Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Thu, 7 Aug 2025 16:45:01 +0200
Subject: [PATCH] Actualiser firewall-production.tf

---
 firewall-production.tf | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/firewall-production.tf b/firewall-production.tf
index c9f0f91..097c9c3 100644
--- a/firewall-production.tf
+++ b/firewall-production.tf
@@ -1,3 +1,19 @@
+#********************************************************************************************
+# Variables
+
+# Réseau public
+variable "public_subnets_cidr" {
+ type = list(any)
+ default = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"]
+ description = "Bloc CIDR pour sous-réseau Public"
+}
+
+# Réseau privée
+variable "private_subnets_cidr" {
+ type = list(any)
+ default = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"]
+ description = "Bloc CIDR pour sous-réseau Privée"
+
 #********************************************************************************************
 #
 
@@ -20,9 +36,9 @@ resource "aws_security_group" "allow_all" {
 }
 
 #
-resource "aws_networkfirewall_rule_group" "stateful_group" {
+resource "aws_networkfirewall_rule_group" "default_group" {
 capacity = 100
- name = "stateful-group"
+ name = "default-group"
 type = "STATEFUL"
 rule_group {
 rules_source {
@@ -78,6 +94,7 @@ resource "aws_networkfirewall_rule_group" "stateful_group" {
 #
 resource "aws_networkfirewall_firewall_policy" "default_policy" {
 name = "default-policy"
+
 firewall_policy {
 stateful_rule_group_reference {
 resource_arn = aws_networkfirewall_rule_group.stateful_group.arn
@@ -92,6 +109,7 @@ resource "aws_networkfirewall_firewall" "default_firewall" {
 name = "default-firewall"
 firewall_policy_arn = aws_networkfirewall_firewall_policy.default_policy.arn
 vpc_id = aws_vpc.default.id
+
 subnet_mapping {
 count = length(var.public_subnets_cidr)
 subnet_id = element(aws_subnet.public_subnet.*.id, count.index)
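Review bot: The `variable "private_subnets_cidr"` block added at the end of the first hunk is never closed — after `description = "Bloc CIDR pour sous-réseau Privée"` the hunk goes straight to an empty added line and the pre-existing `#****` separator, so the file will fail `terraform validate` with an unclosed block (the hunk counts confirm 16 added lines with no `}` among them). Add `}` on its own line after the description, mirroring `public_subnets_cidr` above it. Since both lists hold CIDR strings, `type = list(string)` is a tighter declaration than `list(any)` and lets Terraform reject non-string entries at plan time. `private_subnets_cidr` is not referenced in any visible hunk — presumably it is consumed further down the file, but worth confirming it is not dead configuration.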
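Review bot: Renaming the rule group resource from `stateful_group` to `default_group` in the second hunk leaves the firewall policy pointing at the old address — the third hunk still shows the unchanged line `resource_arn = aws_networkfirewall_rule_group.stateful_group.arn`, which now refers to an undeclared resource and will fail at plan time. That line should become `resource_arn = aws_networkfirewall_rule_group.default_group.arn`. Changing the `name` argument to `default-group` at the same time will, I believe, force replacement of the rule group (the provider treats `name` as immutable on this resource), so the policy and firewall temporarily lose their stateful rules during apply unless a `lifecycle { create_before_destroy = true }` block is added — confirm against the provider version in use. The `resource "aws_security_group" "allow_all"` whose closing brace opens this hunk is outside the change, and its rules are not visible here.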