Hubert Cornet
7e777f98f4
All checks were successful
Terraform Apply / Terraform Apply (push) Successful in 3m55s
113 lines
2.7 KiB
HCL
113 lines
2.7 KiB
HCL
#********************************************************************************************
|
|
#
|
|
|
|
#
|
|
resource "aws_security_group" "allow_all" {
|
|
name = "allow_all"
|
|
vpc_id = aws_vpc.default.id
|
|
ingress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
}
|
|
|
|
#
|
|
resource "aws_networkfirewall_rule_group" "default_group" {
|
|
capacity = 100
|
|
name = "default-group"
|
|
type = "STATEFUL"
|
|
rule_group {
|
|
rules_source {
|
|
stateful_rule {
|
|
action = "DROP"
|
|
header {
|
|
protocol = "TCP"
|
|
source = "ANY"
|
|
source_port = "ANY"
|
|
direction = "ANY"
|
|
destination = "ANY"
|
|
destination_port = "ANY"
|
|
}
|
|
rule_option {
|
|
keyword = "sid"
|
|
settings = ["1"]
|
|
}
|
|
}
|
|
stateful_rule {
|
|
action = "PASS"
|
|
header {
|
|
protocol = "TCP"
|
|
source = "10.0.1.0/24"
|
|
source_port = "ANY"
|
|
direction = "ANY"
|
|
destination = "ANY"
|
|
destination_port = "80"
|
|
}
|
|
rule_option {
|
|
keyword = "sid"
|
|
settings = ["2"]
|
|
}
|
|
}
|
|
stateful_rule {
|
|
action = "PASS"
|
|
header {
|
|
protocol = "TCP"
|
|
source = "ANY"
|
|
source_port = "ANY"
|
|
direction = "ANY"
|
|
destination = "10.0.2.0/24"
|
|
destination_port = "443"
|
|
}
|
|
rule_option {
|
|
keyword = "sid"
|
|
settings = ["3"]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
#
|
|
resource "aws_networkfirewall_firewall_policy" "default_policy" {
|
|
name = "default-policy"
|
|
|
|
firewall_policy {
|
|
stateful_rule_group_reference {
|
|
resource_arn = aws_networkfirewall_rule_group.default_group.arn
|
|
}
|
|
stateless_default_actions = ["aws:forward_to_sfe"]
|
|
stateless_fragment_default_actions = ["aws:forward_to_sfe"]
|
|
}
|
|
}
|
|
|
|
#
|
|
resource "aws_networkfirewall_firewall" "default_firewall" {
|
|
name = "default-firewall"
|
|
firewall_policy_arn = aws_networkfirewall_firewall_policy.default_policy.arn
|
|
vpc_id = aws_vpc.default.id
|
|
|
|
dynamic "subnet_mapping" {
|
|
for_each = aws_subnet.public_subnet[*].id
|
|
|
|
content {
|
|
subnet_id = subnet_mapping.value
|
|
}
|
|
}
|
|
|
|
# subnet_mapping {
|
|
# count = length(var.public_subnets_cidr)
|
|
# subnet_id = element(aws_subnet.public_subnet.*.id, count.index)
|
|
# }
|
|
# subnet_mapping {
|
|
# count = length(var.private_subnets_cidr)
|
|
# subnet_id = element(aws_subnet.private_subnet.*.id, count.index)
|
|
# }
|
|
} |