networkfirewall
aws-ia/networkfirewall/aws
Terraform module to deploy AWS Network Firewall
AWS Network Firewall Module

NOTE: For information regarding the 1.0 upgrade see our upgrade guide.

AWS Network Firewall is a managed network security service that makes it easy to deploy threat prevention for Amazon VPCs. This module can be used to deploy an AWS Network Firewall resource in the desired VPC, automating all the routing and logging configuration when the resource is deployed. The module only handles the creation of the infrastructure, leaving full freedom to the user when defining the firewall rules (which should be done outside the module). The same applies to the IAM roles and KMS keys used when you define the firewall logging; remember that it is a best practice to encrypt your firewall logs at rest.

Usage

To create AWS Network Firewall in your VPC, you need to provide the following in
| Name | Type | Description | Default |
|---|---|---|---|
| network_firewall_name | string | Name to give the AWS Network Firewall resource created. | required |
| network_firewall_description | string | A friendly description of the firewall resource. | required |
| vpc_id | string | VPC ID to place the Network Firewall endpoints. | required |
| network_firewall_policy | string | ARN of the firewall policy to include in AWS Network Firewall. | required |
| number_azs | number | Number of Availability Zones to place the Network Firewall endpoints. | required |
| vpc_subnets | map(string) | Map of subnet IDs to place the Network Firewall endpoints. The expected format o | required |
| network_firewall_delete_protection | bool | A boolean flag indicating whether it is possible to delete the firewall. Default | false |
| network_firewall_policy_change_protection | bool | A boolean flag indicating whether it is possible to change the associated firewa | false |
| network_firewall_subnet_change_protection | bool | A boolean flag indicating whether it is possible to change the associated subnet | false |
| tags | map(string) | Tags to apply to the resources. | {} |
| logging_configuration | any | Configuration of the logging desired for the Network Firewall. You can configure | {} |
| network_firewall_encryption_key_arn | string | Customer managed KMS Key ARN for encryption at rest. | null |
| routing_configuration | any | Configuration of the routing desired in the VPC. Depending on the VPC type, the inf | {} |
aws_network_firewall — Full output of aws_networkfirewall_firewall resource.
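An added end-to-end example, written for this page and not taken from the module's own README: it defines the pieces the text says live outside the module (a customer-managed KMS key, KMS-encrypted CloudWatch log groups, and a default-deny firewall policy) and then calls the module with the 1.0 inputs listed in the table above. The region, VPC ID, subnet IDs and log-group names are placeholders. The `~> 1.0` version pin, the Availability-Zone keys of `vpc_subnets`, and the nested log-type/destination shape of `logging_configuration` are assumptions about the module (its input descriptions are truncated on this page) and should be checked against the module's full documentation before use.

```hcl
# Added example, not the module's README code. Assumed: 1.0 input names from the
# table above, vpc_subnets keyed by AZ, and the nested logging_configuration shape.

provider "aws" {
  region = "us-east-1" # placeholder region
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  # Placeholder identifiers; use your VPC and one dedicated firewall subnet per AZ.
  vpc_id = "vpc-0123456789abcdef0"
  firewall_subnets = {
    "us-east-1a" = "subnet-0aaaaaaaaaaaaaaa1"
    "us-east-1b" = "subnet-0bbbbbbbbbbbbbbb2"
  }
}

# Customer-managed key, created outside the module as the README requires. It
# encrypts the firewall at rest and the log groups, so CloudWatch Logs must be
# admitted by the key policy (scoped to log groups in this account and region).
resource "aws_kms_key" "firewall" {
  description         = "AWS Network Firewall and firewall-log encryption"
  enable_key_rotation = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "AccountAdmin", Effect = "Allow", Action = "kms:*", Resource = "*",
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" } },
      { Sid = "CloudWatchLogs", Effect = "Allow", Resource = "*",
        Principal = { Service = "logs.${data.aws_region.current.name}.amazonaws.com" },
        Action    = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"],
        Condition = { ArnLike = { "kms:EncryptionContext:aws:logs:arn" = "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:*" } } }
    ]
  })
}

# One encrypted log group per log type the firewall emits.
resource "aws_cloudwatch_log_group" "firewall" {
  for_each          = toset(["alert", "flow"])
  name              = "/network-firewall/inspection/${each.key}" # placeholder names
  retention_in_days = 365
  kms_key_id        = aws_kms_key.firewall.arn
}

# Firewall policy, also defined outside the module. Strict-order evaluation with
# drop_strict/alert_strict defaults is a default-deny posture: anything no
# stateful rule explicitly passes is dropped and written to the alert log.
resource "aws_networkfirewall_firewall_policy" "inspection" {
  name = "inspection-policy"
  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]
    stateful_engine_options {
      rule_order = "STRICT_ORDER"
    }
    stateful_default_actions = ["aws:drop_strict", "aws:alert_strict"]
  }
}

module "network_firewall" {
  source  = "aws-ia/networkfirewall/aws"
  version = "~> 1.0" # assumption: the 1.0 release the README's upgrade note refers to

  network_firewall_name        = "inspection-firewall"
  network_firewall_description = "Centralised inspection for the application VPC"
  vpc_id                       = local.vpc_id
  number_azs                   = length(local.firewall_subnets)
  vpc_subnets                  = local.firewall_subnets # assumed: AZ -> subnet ID
  network_firewall_policy      = aws_networkfirewall_firewall_policy.inspection.arn

  # All three protections default to false in the module; enable them in production
  # so the firewall cannot be deleted or re-pointed by a single mistaken apply.
  network_firewall_delete_protection        = true
  network_firewall_policy_change_protection = true
  network_firewall_subnet_change_protection = true

  network_firewall_encryption_key_arn = aws_kms_key.firewall.arn

  # Assumed shape: log type -> destination type -> destination settings.
  logging_configuration = {
    alert_log = { cloudwatch_logs = { logGroupName = aws_cloudwatch_log_group.firewall["alert"].name } }
    flow_log  = { cloudwatch_logs = { logGroupName = aws_cloudwatch_log_group.firewall["flow"].name } }
  }

  tags = { Environment = "prod" }
}
```

The policy above contains no rule groups on purpose: with `STRICT_ORDER` and `aws:drop_strict` as the default, the firewall blocks everything until you attach the stateful rule groups that describe the traffic you intend to allow, which is the part the README leaves to you. Verify the `logging_configuration` and `vpc_subnets` formats against the module's documentation, since their descriptions are cut off in the table on this page.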