Terraform-provider-aws: Support for AWS Network Firewall

Created on 18 Nov 2020 · 6 Comments · Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

New or Affected Resource(s)

  • aws_networkfirewall_firewall_policy
  • aws_networkfirewall_firewall
  • aws_networkfirewall_rule_group
  • aws_networkfirewall_subnet_association

Potential Terraform Configuration

resource "aws_networkfirewall_firewall_policy" "example" {
  description          = "Firewall policy"
  firewall_policy_name = "firewall-policy"

  firewall_policy {
    stateful_rule_group_references {
      resource_arn = ""
    }

    stateless_custom_actions {
      action_definition {
        publish_metric_action {
          dimensions {
            value = ""
          }
        }
      }

      action_name = "action"
    }

    # Each of these takes one of "aws:pass", "aws:drop" or "aws:forward_to_sfe"
    stateless_default_actions          = ["actions"]
    stateless_fragment_default_actions = ["actions"]

    stateless_rule_group_references {
      priority    = 1
      resource_arn = ""
    }
  }

  tags = {
    Key = "Value"
  }
}

resource "aws_networkfirewall_firewall" "example" {
  delete_protection                 = false
  description                       = "Firewall"
  firewall_name                     = "firewall"
  firewall_policy_arn               = aws_networkfirewall_firewall_policy.example.arn
  firewall_policy_change_protection = true
  subnet_change_protection          = false

  subnet_mappings {
    subnet_id = aws_subnet.example.id
  }

  tags = {
    Key = "Value"
  }

  vpc_id = aws_vpc.example.id
}

resource "aws_networkfirewall_rule_group" "example" {
  capacity    = 10
  description = "Rule Group"

  rule_group {
    rules_source {
      # The API accepts exactly one of rules_source_list, rules_string,
      # stateful_rules or stateless_rules_and_custom_actions per rule group;
      # all four are sketched here only to show the proposed schema.
      rules_source_list {
        generated_rules_type = ""
        targets              = [""]
        target_types         = [""]
      }

      rules_string = ""

      stateful_rules {
        action = ""

        header {
          destination      = ""
          destination_port = ""
          direction        = ""
          protocol         = ""
          source           = ""
          source_port      = ""
        }

        rule_options {
          keyword  = ""
          settings = [""]
        }
      }

      stateless_rules_and_custom_actions {
        custom_actions {
          action_definition {
            # ...
          }
        }

        stateless_rules {
          # ...
        }
      }
    }
  }

  tags = {
    Key = "Value"
  }

  type = "STATELESS"
}

resource "aws_networkfirewall_subnet_association" "example" {
  firewall_arn  = aws_networkfirewall_firewall.example.arn
  firewall_name = aws_networkfirewall_firewall.example.firewall_name
  subnet_mapping {
    subnet_id = aws_subnet.example.id
  }
}

References

  • https://aws.amazon.com/blogs/aws/aws-network-firewall-new-managed-firewall-service-in-vpc/

  Labels: new-resource, service/networkfirewall
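An added example, not code from the issue or from the provider's own documentation, showing a complete AWS Network Firewall deployment with the resource schema the provider actually released (version 3.16.0, recorded in the thread below). Compared with the sketch above, the released schema uses `name` instead of `firewall_name`/`firewall_policy_name`, singular block names (`stateless_rule_group_reference`, `stateful_rule_group_reference`, `subnet_mapping`), and attaches subnets through `subnet_mapping` blocks on the firewall rather than a separate association resource. The VPC, the firewall subnet, the denied domain and the blocked source range are assumed placeholders.

```hcl
# Added example (not from the issue or the provider docs). Assumes
# aws_vpc.example and aws_subnet.firewall exist elsewhere in the config.

# Stateful rule group: deny outbound traffic to a listed domain. A DENYLIST
# with HTTP_HOST and TLS_SNI matches on the Host header and the TLS SNI, so
# it blocks by name regardless of which IP the name resolves to.
resource "aws_networkfirewall_rule_group" "deny_domains" {
  name     = "deny-domains"
  type     = "STATEFUL"
  capacity = 100 # fixed at creation time; size it for rule growth

  rule_group {
    rules_source {
      rules_source_list {
        generated_rules_type = "DENYLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = ["bad.example.com"] # assumed placeholder
      }
    }
  }
}

# Stateless rule group: drop a known-bad source range before any stateful
# inspection happens. Stateless rules are evaluated by priority, lowest first.
resource "aws_networkfirewall_rule_group" "drop_bad_source" {
  name     = "drop-bad-source"
  type     = "STATELESS"
  capacity = 10

  rule_group {
    rules_source {
      stateless_rules_and_custom_actions {
        stateless_rule {
          priority = 1
          rule_definition {
            actions = ["aws:drop"]
            match_attributes {
              source {
                address_definition = "198.51.100.0/24" # assumed (TEST-NET-2)
              }
            }
          }
        }
      }
    }
  }
}

resource "aws_networkfirewall_firewall_policy" "example" {
  name = "example"

  firewall_policy {
    # Anything the stateless rules do not decide is handed to the stateful
    # engine. A default of "aws:pass" here would bypass the domain deny list.
    stateless_default_actions = ["aws:forward_to_sfe"]
    # Fragments lack the L4 header that port-based rules need; dropping
    # them by default is the conservative choice.
    stateless_fragment_default_actions = ["aws:drop"]

    stateless_rule_group_reference {
      priority     = 10
      resource_arn = aws_networkfirewall_rule_group.drop_bad_source.arn
    }

    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.deny_domains.arn
    }
  }
}

resource "aws_networkfirewall_firewall" "example" {
  name                = "example"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.example.arn
  vpc_id              = aws_vpc.example.id # assumed to exist elsewhere

  # Each mapping creates a firewall endpoint in one subnet. Give the
  # firewall a dedicated small subnet per AZ rather than a workload subnet.
  subnet_mapping {
    subnet_id = aws_subnet.firewall.id # assumed to exist elsewhere
  }

  # Make accidental or unauthorized changes fail loudly at apply time.
  delete_protection                 = true
  firewall_policy_change_protection = true
  subnet_change_protection          = true
}
```

Note that the firewall endpoints only see traffic that is routed through them: the VPC route tables for the workload subnets and the internet gateway still have to point at the firewall endpoint, which this example does not cover.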

    All 6 comments

    Something's odd here, the launch announcement explicitly mentions Hashicorp and Terraform:

    HashiCorp Terraform provides a declarative language for defining network protections for VPCs with AWS Network Firewall.
    With HashiCorp Terraform customers can collaborate with others on their team to define firewall rules for fine-grained control over their network.
    Within customers' configuration, they can also leverage AWS Firewall manager to build policies and use AWS Network Firewall to apply those policies across VPCs.

    Maybe something needs merging?

    https://aws.amazon.com/network-firewall/partners/

    @bentterp I think you're right. The code was probably under embargo - will close.

    Going to re-open this so folks have a place to find this out, but yes, there is code that will appear today. 😄

    This has been released in version 3.16.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

    For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
