# Terraform Module for AWS Network Firewall

This module contains the resource files and example variable definition files needed to create and configure an AWS Network Firewall. It can be used to help deploy Cloudera Data Platform (CDP) Public Cloud in a fully private networking configuration, where the CDP Environment VPC is connected to a Networking VPC that runs the Firewall.

## Usage

The `examples` directory contains an example of using this module:

* `ex01-minimal_inputs` demonstrates how this module can be used within a networking VPC. The `terraform-aws-nfw-vpc` module is also used as part of this example.

The sample `terraform.tfvars.sample` file describes the required inputs for the example.
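The following root configuration is an added example of calling this module; it is not one of the project's own examples. The module `source` path, the AWS region, and every VPC, subnet and route table ID are placeholders that must be replaced with values from your account. The input names and their types are taken from the Inputs table; the values chosen for the optional inputs (allowlisted domains, log retention, the `0.0.0.0/0` route) are assumptions for illustration.

```hcl
# Added usage example for terraform-aws-nfw (not part of the module's own examples).
# All resource IDs, the region and the module source path below are placeholders.

terraform {
  required_version = "> 1.3.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.30"
    }
  }
}

provider "aws" {
  region = "eu-west-1" # assumption: any region that offers AWS Network Firewall
}

module "cdp_nfw" {
  source = "../.." # assumption: relative path to this module's root

  # Required inputs
  firewall_name                = "cdp-nfw"
  firewall_policy_name         = "cdp-nfw-policy"
  cdp_firewall_rule_group_name = "cdp-env-rule-group"

  # Placeholder VPC IDs: the Networking VPC that hosts the firewall and the
  # CDP Environment VPC whose traffic it inspects.
  network_vpc_id = "vpc-0123456789abcdef0"
  cdp_vpc_id     = "vpc-0fedcba9876543210"

  # Placeholder firewall subnets in the Networking VPC, one per Availability Zone.
  firewall_subnet_ids = [
    "subnet-0123456789abcdef1",
    "subnet-0123456789abcdef2",
  ]

  # Optional inputs
  # Only the domains listed here are allowed by the CDP rule group, so every
  # external domain the environment must reach has to appear in this list.
  # The second entry is an assumed placeholder for such a domain.
  cdp_firewall_domain_allowlist = [
    "cloudera.com",
    "example-registry.invalid",
  ]
  cdp_fw_rule_group_capacity = 300

  # Longer CloudWatch retention than the module defaults (3 days alert, 1 day flow)
  # so that alert and flow logs are still available during an investigation.
  firewall_logging_config = {
    alert = { retention_in_days = 30 }
    flow  = { retention_in_days = 7 }
  }

  # Point the default route of the listed route tables at the Firewall Endpoint.
  # availability_zones is optional and is assumed here to select the endpoint in
  # the same AZ as the subnets that use the route table.
  route_tables_to_update = [
    {
      route_tables           = ["rtb-0123456789abcdef3"]
      availability_zones     = ["eu-west-1a"]
      destination_cidr_block = "0.0.0.0/0"
    },
    {
      route_tables           = ["rtb-0123456789abcdef4"]
      availability_zones     = ["eu-west-1b"]
      destination_cidr_block = "0.0.0.0/0"
    },
  ]

  tags = {
    Project     = "cdp"
    Environment = "prod"
  }
}

# Module outputs, useful for wiring the firewall into other configurations.
output "nfw_arn" {
  value = module.cdp_nfw.nfw_arn
}

output "nfw_policy_arn" {
  value = module.cdp_nfw.nfw_policy_arn
}
```

Run `terraform init` and `terraform plan` in the directory holding this file after substituting real IDs. Two points worth checking in the plan before applying: the domain allowlist must contain every domain the CDP environment needs, since the rule group allows only the listed domains, and the CloudWatch retention values must be ones CloudWatch accepts (for example 1, 3, 5, 7, 14 or 30 days); the module defaults are short enough that flow logs expire after a day.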

## Requirements

| Name | Version |
|------|---------|
| terraform | > 1.3.0 |
| aws | >= 5.30 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 5.30 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.nfw_log_group | resource |
| aws_networkfirewall_firewall.fw | resource |
| aws_networkfirewall_firewall_policy.fw_policy | resource |
| aws_networkfirewall_logging_configuration.nfw_log_config | resource |
| aws_networkfirewall_rule_group.cdp_env_fw_rg | resource |
| aws_route.vpc_tgw_route | resource |
| aws_vpc.cdp_vpc | data source |
| aws_vpc.network_vpc | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cdp_firewall_rule_group_name | Name of the CDP Rule Group. | `string` | n/a | yes |
| cdp_vpc_id | ID of the VPC in which the CDP environment is running. | `string` | n/a | yes |
| firewall_name | Name of the Firewall. | `string` | n/a | yes |
| firewall_policy_name | Name of the Firewall Policy. | `string` | n/a | yes |
| firewall_subnet_ids | List of subnet IDs to assign to the Firewall. | `list(string)` | n/a | yes |
| network_vpc_id | ID of the VPC in which the Networking components are running. | `string` | n/a | yes |
| cdp_firewall_domain_allowlist | Domain allowlist for the CDP Rule Group. | `list(string)` | `["cloudera.com"]` | no |
| cdp_fw_rule_group_capacity | Capacity (maximum number of operating resources) of the CDP Firewall Rule Group. | `number` | `300` | no |
| firewall_logging_config | Logging config for the CloudWatch log groups created for the Network Firewall. | `map(any)` | `{"alert": {"retention_in_days": 3}, "flow": {"retention_in_days": 1}}` | no |
| route_tables_to_update | List of route tables to update so that `destination_cidr_block` targets the Firewall Endpoint. | `list(object({ route_tables = list(string), availability_zones = optional(list(string)), destination_cidr_block = string }))` | `[]` | no |
| tags | Tags applied to provisioned resources. | `map(any)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| nfw_arn | The Amazon Resource Name (ARN) of the AWS Network Firewall |
| nfw_id | The Amazon Resource ID of the AWS Network Firewall |
| nfw_logging_configuration_ids | The Amazon Resource ID (ARN) of the logging configuration associated with the AWS Network Firewall |
| nfw_policy_arn | The Amazon Resource Name (ARN) that identifies the firewall policy |
| nfw_policy_id | The Amazon Resource ID of the firewall policy for the AWS Network Firewall |