Actualiser firewall-production.tf

2025-08-07 16:45:01 +02:00
parent 89594c32d2
commit e40f69bf8b
1 changed files with 20 additions and 2 deletions
--- a/firewall-production.tf
+++ b/firewall-production.tf
@@ -1,3 +1,19 @@
 #********************************************************************************************
 # Variables
 # Réseau public
 variable "public_subnets_cidr" {
  type        = list(any)
  default     = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"]
  description = "Bloc CIDR pour sous-réseau Public"
 }
 # Réseau privée
 variable "private_subnets_cidr" {
  type        = list(any)
  default     = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"]
  description = "Bloc CIDR pour sous-réseau Privée"
 #********************************************************************************************
 #
@@ -20,9 +36,9 @@ resource "aws_security_group" "allow_all" {
 }
 #
-resource "aws_networkfirewall_rule_group" "stateful_group" {
+resource "aws_networkfirewall_rule_group" "default_group" {
  capacity = 100
-  name     = "stateful-group"
+  name     = "default-group"
  type     = "STATEFUL"
  rule_group {
    rules_source {
@@ -78,6 +94,7 @@ resource "aws_networkfirewall_rule_group" "stateful_group" {
 #
 resource "aws_networkfirewall_firewall_policy" "default_policy" {
  name = "default-policy"
  firewall_policy {
    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.stateful_group.arn
@@ -92,6 +109,7 @@ resource "aws_networkfirewall_firewall" "default_firewall" {
  name                = "default-firewall"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.default_policy.arn
  vpc_id              = aws_vpc.default.id
  subnet_mapping {
    count     = length(var.public_subnets_cidr)
    subnet_id = element(aws_subnet.public_subnet.*.id, count.index)