slovink/terraform-google-firewall

Terraform google firewall

Terraform module to create firewall resources on Google Cloud.

Terraform Google Cloud Firewall Module

Introduction

This project uses Terraform to create firewall rules on Google Cloud.

Usage

To get started, make sure you have configured your GCP provider. You can use the following code as a starting point:

Example: firewall

module "firewall" {
  source        = "git::https://github.com/slovink/terraform-google-firewall.git?ref=v1.0.0"
  name          = "app"
  environment   = "test"
  firewall      = module.vpc.vpc_id
  priority      = 1000
  source_ranges = ["0.0.0.0/0"]

  allow = [
    {
      protocol = "tcp"
      ports    = ["22", "80"]
    }
  ]
}

Make sure to configure the provider block with your GCP credentials or use other authentication methods. Adjust the variables according to your requirements.
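
The example above opens SSH (port 22) to `0.0.0.0/0`, and the documented defaults for `source_ranges` and `egress_rules` are equally broad. The following variant is an added example, not code from the slovink repository, that scopes each rule using the `ingress_rules` and `egress_rules` inputs listed under Inputs. It assumes the pinned module version exposes those inputs; the CIDR ranges, rule names and network tags are placeholders.

```hcl
# Added example. Assumes the inputs documented under "Inputs"
# (network, ingress_rules, egress_rules). CIDRs, names and tags are placeholders.
module "firewall" {
  source      = "git::https://github.com/slovink/terraform-google-firewall.git?ref=v1.0.0"
  name        = "app"
  environment = "test"
  network     = module.vpc.vpc_id

  ingress_rules = [
    {
      name          = "allow-ssh-from-admin"
      description   = "SSH only from the admin network"
      direction     = "INGRESS"
      source_ranges = ["203.0.113.0/24"] # placeholder range; omitting this falls back to 0.0.0.0/0
      target_tags   = ["bastion"]        # hypothetical tag: only tagged instances are reachable
      allow         = [{ protocol = "tcp", ports = ["22"] }]
    },
    {
      name          = "allow-http-public"
      description   = "HTTP is public by intent, so the range is stated explicitly"
      direction     = "INGRESS"
      source_ranges = ["0.0.0.0/0"]
      target_tags   = ["web"] # hypothetical tag
      allow         = [{ protocol = "tcp", ports = ["80"] }] # explicit port; the default is ["all"]
    }
  ]

  # Setting egress_rules replaces the documented default "allow-all-egress" rule.
  egress_rules = [
    {
      name               = "allow-https-egress"
      direction          = "EGRESS"
      destination_ranges = ["0.0.0.0/0"]
      allow              = [{ protocol = "tcp", ports = ["443"] }]
    },
    {
      name               = "deny-other-egress"
      direction          = "EGRESS"
      priority           = 65534 # evaluated after the allow rule above (priority 1000)
      destination_ranges = ["0.0.0.0/0"]
      deny               = [{ protocol = "all" }]
    }
  ]
}
```

Review the `terraform plan` output before applying and confirm that no rule has silently fallen back to the `0.0.0.0/0` or `["all"]` defaults.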

Examples

For detailed examples on how to use these modules, please refer to the Examples directory within this repository.

Author

Your Name Replace MIT and slovink with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.9.5 |
| google | >= 3.50.0, < 5.11.0 |

Providers

| Name | Version |
|------|---------|
| google | >= 3.50.0, < 5.11.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| labels | git::https://github.com/slovink/terraform-google-labels.git | v1.0.0 |

Resources

| Name | Type |
|------|------|
| google_compute_firewall.rules | resource |
| google_client_config.current | data source |

Inputs

egress_rules

Description: List of egress firewall rules.

Type:

    list(object({
      name                    = string
      description             = optional(string, null)
      disabled                = optional(bool, null)
      direction               = string # "EGRESS"
      destination_ranges      = optional(list(string), ["0.0.0.0/0"])
      target_tags             = optional(list(string), null)
      target_service_accounts = optional(list(string), null)
      priority                = optional(number, 1000)
      allow = optional(list(object({
        protocol = string
        ports    = optional(list(string), ["all"])
      })), [])
      deny = optional(list(object({
        protocol = string
        ports    = optional(list(string), null)
      })), [])
    }))

Default:

    [
      {
        "allow": [
          {
            "ports": [],
            "protocol": "all"
          }
        ],
        "description": "Allow all egress traffic",
        "destination_ranges": [
          "0.0.0.0/0"
        ],
        "direction": "EGRESS",
        "disabled": false,
        "name": "allow-all-egress",
        "priority": 1000
      }
    ]

Required: no

environment

Description: Environment (e.g. prod, dev, staging).

Type: string

Default: ""

Required: no

ingress_rules

Description: List of ingress firewall rules.

Type:

    list(object({
      name                    = string
      description             = optional(string, null)
      disabled                = optional(bool, null)
      direction               = string # "INGRESS"
      source_ranges           = optional(list(string), ["0.0.0.0/0"])
      source_tags             = optional(list(string), null)
      source_service_accounts = optional(list(string), null)
      target_tags             = optional(list(string), null)
      target_service_accounts = optional(list(string), null)
      priority                = optional(number, 1000)
      allow = optional(list(object({
        protocol = string
        ports    = optional(list(string), ["all"])
      })), [])
      deny = optional(list(object({
        protocol = string
        ports    = optional(list(string), null)
      })), [])
    }))

Default: null

Required: no

label_order

Description: Label order, e.g. sequence of application name and environment name, environment, 'attribute' [webserver,qa,devops,public,].

Type: list(string)

Default:

    [
      "name",
      "environment"
    ]

Required: no

managedby

Description: ManagedBy, e.g. 'contact@slovink.com'.

Type: string

Default: "contact@slovink.com"

Required: no

name

Description: Name of the resource. Provided by the client when the resource is created.

Type: string

Default: ""

Required: no

network

Description: (Required) The VPC network the subnets belong to. Only networks that are in distributed mode can have subnetworks.

Type: string

Default: ""

Required: no

repository

Description: Terraform current module repository.

Type: string

Default: "https://github.com/slovink/terraform-google-firewall"

Required: no

Outputs

| Name | Description |
|------|-------------|
| firewall_creation_timestamps | Creation timestamps of the created firewall rules. |
| firewall_id | IDs of the created firewall rules. |
| firewall_names | Names of the created firewall rules. |
| firewall_self_links | Self-links of the created firewall rules. |
